Tenda firmware (multiple versions) contains hidden authentication backdoor(kb.cert.org)
242 points by miniBill 12 hours ago | 78 comments
tl;dr: Multiple Tenda router firmware versions contain a hardcoded authentication backdoor (CVE-2026-11405) in the httpd binary's login() function: if normal MD5 password auth fails, it falls back to a plaintext strcmp against a value stored in `sys.rzadmin.password`, granting admin-level access with any username. The vendor could not be reached, so no patch exists; recommended mitigations are disabling remote management and changing the default LAN IP.
HN Discussion:
  • Vendor firmware is untrustworthy; users should install OpenWRT or avoid such devices entirely
  • Provides additional technical context, such as the backdoor password value or firmware encryption
  • This reflects incompetence rather than malice, given the amateurish nature of the backdoor
  • Avoid Chinese-manufactured networking gear entirely due to recurring security issues
  • ~Skepticism that Western networking vendors are any more trustworthy than Chinese ones