PT-2026-55969 · Tenda · Ac5+4
Published
2026-07-06
·
Updated
2026-07-07
·
CVE-2026-11405
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Tenda firmware US FH1201V1.0BR V1.2.0.14(408) EN TD
Tenda firmware US W15EV1.0br V15.11.0.5(1068 1567 841) EN TDE
Tenda firmware US AC10V1.0re V15.03.06.46 multi TDE01
Tenda firmware US AC5V1.0RTL V15.03.06.48 multi TDE01
Tenda firmware US AC6V2.0RTL V15.03.06.51 multi T
Description
A hidden backdoor authentication mechanism exists in the web server binary
/bin/httpd within the login() function. While the system typically uses MD5-based password verification via prod encode64(), PasswordToMd5(), and check rand key(), the login() function is designed to fall back to an alternate method if normal authentication fails. It retrieves a backdoor password from the device configuration using GetValue("sys.rzadmin.password") and performs a direct plaintext comparison using strcmp() against the user-supplied password. A successful match grants administrative access (role=2) and creates a valid session regardless of the username provided.Recommendations
Update Tenda firmware US FH1201V1.0BR V1.2.0.14(408) EN TD to the latest version.
Update Tenda firmware US W15EV1.0br V15.11.0.5(1068 1567 841) EN TDE to the latest version.
Update Tenda firmware US AC10V1.0re V15.03.06.46 multi TDE01 to the latest version.
Update Tenda firmware US AC5V1.0RTL V15.03.06.48 multi TDE01 to the latest version.
Update Tenda firmware US AC6V2.0RTL V15.03.06.51 multi T to the latest version.
Restrict network access to the web management interface to minimize the risk of exploitation.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ac10
Ac5
Ac6
Fh1201
W15E