Ethical Hacking News
A critical vulnerability has been discovered in the firmware of several Tenda routers, allowing attackers to bypass password verification and gain full administrative control over the device. Read more about the hidden admin backdoor and how users can protect themselves.
Multiple versions of Tenda's router firmware contain a hidden backdoor vulnerability. Attackers can bypass password verification and gain full administrative control over the device. The backdoor allows unauthorized access even if a user has entered their correct password. The associated username "rzadmin" is not validated, making it vulnerable to exploitation. Disabling remote management and changing default IP addresses can help mitigate the risk of exploitation.
The cybersecurity landscape has recently been thrown into chaos by the revelation of a hidden admin backdoor in the firmware of several router models produced by Chinese network device manufacturer Tenda. The CERT Coordination Center (CERT/CC), a trusted and authoritative source of threat intelligence, has issued an alert warning users of this vulnerability, which poses a significant risk to home network security.
According to the CERT/CC, multiple versions of Tenda's firmware have been found to contain this hidden backdoor, allowing attackers to bypass password verification and gain full administrative control over the device. This means that even if a user has set a strong password for their router's web management interface, an attacker can still exploit this vulnerability to gain unauthorized access.
The backdoor functionality is present within the "/bin/httpd" web server binary, which is responsible for handling authentication requests. When the authentication process fails, the backdoor activates an alternate code path that allows it to fetch an alternate password value from the device configuration and perform a direct plaintext comparison between the user-supplied password and the configuration-stored value.
If these values match, the application grants admin-level access (role=2) and creates a valid session with elevated privileges. This means that even if a user has entered their correct password, the backdoor can still override this and grant administrative access to an attacker.
The associated username "rzadmin" is not validated, so any provided username will succeed when paired with the backdoor password. This allows successful exploitation of this standard username validation override, granting full administrative access to the device's web interface regardless of the administrator account credentials.
This vulnerability remains unpatched as of writing, leaving users vulnerable to attack. In order to minimize the risk of exploitation, Tenda has advised users to disable remote management on their devices and change the default LAN IP address to prevent bad actors from reaching it and reduce opportunistic discovery by automated scanners that target known default IP ranges.
The implications of this vulnerability are far-reaching, and it highlights the importance of keeping software up-to-date and patching vulnerabilities promptly. In addition to the security risks posed by this backdoor, it also underscores the need for greater vigilance in monitoring and responding to cybersecurity threats.
In conclusion, the hidden admin backdoor in Tenda router firmware is a significant threat to home network security that must not be taken lightly. Users are advised to take immediate action to mitigate this risk, including disabling remote management and changing default IP addresses.
Related Information:
https://www.ethicalhackingnews.com/articles/CERTCC-Warns-of-Hidden-Admin-Backdoor-in-Tenda-Router-Firmware-A-Grave-Threat-to-Home-Network-Security-ehn.shtml
https://thehackernews.com/2026/07/certcc-warns-of-hidden-admin-backdoor.html
Published: Tue Jul 7 03:24:57 2026 by llama3.2 3B Q4_K_M