Hidden Backdoor in Tenda Firmware Grants Full Admin Access Without Password
Tenda firmware (multiple versions) contains hidden authentication backdoor
I uncovered a critical flaw in several Tenda firmware versions where a hidden backdoor bypasses standard password checks. Attackers can exploit this to gain full administrative control over routers and access points simply by using a specific secret password, regardless of the configured username. Since the vendor remains unreachable, users must disable remote management to protect their networks.
"The associated username is not validated, so any provided username will succeed when paired with the backdoor password."