Impact
A hidden backdoor authentication mechanism in the Tenda firmware web server allows an attacker to gain administrator roles without proper credentials. The server’s login function first attempts a normal MD5‑based password check but, if it fails, reads a backdoor password stored in the device configuration and compares it directly to supplied password using a plaintext strcmp. Any username is accepted, so providing the backdoor password grants role=2, which equals full administrative access for the web management interface.
Affected Systems
This flaw is present in all affected T the /bin/httpd binary described. No specific version numbers are provided, so the vulnerability likely spans multiple firmware builds that include this code path.
Risk and Exploitability
The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, yet its impact remains severe. The backdoor bypasses authentication entirely, enabling an attacker who can reach the web interface (remote or local) to assume full control of the device. The flaw requires no special privileges beyond reaching the interface, so exploitation is straightforward once the attacker can connect to the device’s HTTP port. Given the high potential for compromise, this vulnerability poses.
OpenCVE Enrichment