Tenda firmware (multiple versions) contains hidden authentication backdoor
- Security
- Hardware
- Open Source
- Infrastructure
CERT/CC disclosed a vulnerability in multiple Tenda router firmware versions that exposes a hidden authentication path. Any username can log in if paired with a hard-coded backdoor password. Commenters filled in the missing value from older reverse-engineering work and from inspecting newer firmware images themselves. The password is "rzadmin". One commenter also found the same credential in a June 2026 firmware image, along with code paths that appear to collect device details and retrieve admin credentials, which made people doubt this is an old issue that has already been cleaned up. The big conclusion was not "is this espionage" but "this is what low-end router software looks like." Even people who rejected the malice theory still saw it as a predictable product of support shortcuts, debug features left in production, and a market that does not reward secure firmware. That fed into a practical stance: avoid opaque vendor firmware when you can, use OpenWrt or a self-managed firewall where possible, and isolate vendor gear when you cannot replace it. A smaller but important point was exposure. Some argued the direct blast radius is limited if remote management is off and the attacker cannot reach the local network. Others pushed back that once you stop trusting the firmware, you also have to consider outbound tunnels, cloud management hooks, and the fact that compromised network gear affects everything behind it, not just the box itself.
If you run Tenda gear, assume stock firmware is untrustworthy until replaced or isolated. More broadly, treat low-end networking hardware as hostile by default and make open firmware, segmentation, and independent firewalls part of your buying standard.
-
kb.cert.org
- Discuss on HN