Tuesday , July 7 2026
Tenda

CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware

Several Tenda firmware versions have a hidden backdoor that lets people gain admin access to the device’s web interface. An attacker can use this flaw, known as CVE-2026-11405, to skip the password check and take full control without proper login details, the CERT Coordination Center (CERT/CC) reported on Monday.

“An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain full administrative control without valid credentials,” the CERT/CC said in an alert.

CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware

Several Tenda firmware versions have a hidden backdoor that lets people gain admin access to the device's web interface. An...
Read More
CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware

Daily Cyber security update for 6. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 6. 07. 2026

“Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers, Android Devices

A new Linux flaw called “Bad Epoll” (CVE-2026-46242) lets regular users get root access on Linux servers, desktops, and Android...
Read More
“Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers, Android Devices

An AI performed a cyber attack without any human help for the first time

Security experts found what they think is the first time an AI carried out a cyber attack all by itself....
Read More
An AI performed a cyber attack without any human help for the first time

Singapore major data centres, cloud providers could incur fine up to $1m

Major data center and cloud service providers might have to pay a fine of up to $1 million or up...
Read More
Singapore major data centres, cloud providers could incur fine up to $1m

IBM-managed instance breach exposes personal data of 70,000 in Singapore

The Singapore Land Authority (SLA) has announced that the personal details of around 70,000 people were leaked after someone accessed...
Read More
IBM-managed instance breach exposes personal data of 70,000 in Singapore

Alibaba Reportedly Bans Claude Code for Suspected AI Tool Backdoor

Alibaba is said to be getting ready to ban the use of Anthropic’s Claude Code in its own systems starting...
Read More
Alibaba Reportedly Bans Claude Code for Suspected AI Tool Backdoor

CISA KEV Adds SharePoint RCE CVE-2026-45659 After Active Exploits

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a serious problem affecting Microsoft SharePoint Server to its list of...
Read More
CISA KEV Adds SharePoint RCE CVE-2026-45659 After Active Exploits

Nepal Unveils First “Hall of Fame” for Ethical Hackers

Nepal has started a 'Hall of Fame' program to honor cybersecurity researchers who safely report security flaws in government digital...
Read More
Nepal Unveils First “Hall of Fame” for Ethical Hackers

900+ Oracle E-Business instances Exposed Online

The Shadowserver Foundation found about 950 Oracle E-Business Suite (EBS) systems on the internet around the world. This discovery came...
Read More
900+ Oracle E-Business instances Exposed Online

The vulnerability impacts multiple versions of the firmware:

US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD
US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE
US_AC10V1.0re_V15.03.06.46_multi_TDE01
US_AC5V1.0RTL_V15.03.06.48_multi_TDE01
US_AC6V2.0RTL_V15.03.06.51_multi_T

The backdoor feature is found in the “login()” function of the “/bin/httpd” web server. It first checks passwords normally with MD5. If the password check fails, it uses a different code path.

Calling “GetValue(“sys.rzadmin.password”)” retrieves a different password value from the device settings. Then, it checks if the password given by the user matches the stored one. If they match, the app gives access to admin-level (role=2) and starts a session with higher privileges.

“The associated [“rzadmin”] username is not validated, so any provided username will succeed when paired with the backdoor password,” the CERT/CC said. “This backdoor authentication mechanism is not documented or visible through any administrative interface.”

Successful use of this username check flaw gives full admin access to the device’s web interface, no matter what the admin credentials are. This could let an attacker change settings from afar, turn off security features, or change the device setup, which might result in taking over the whole device.

The issue, pointed out by a nameless researcher, is not patched yet.

Users should turn off remote management on the device and change the default LAN IP address. This will help stop bad actors from getting in and lower the chances of automated scanners finding it by targeting usual default IP ranges.

Check Also

macOS

Apple fixes more than 30 iOS, macOS, and Safari flaws

Apple released security updates on Monday for iOS, macOS, and Safari. These updates fix more …