Tenda firmware (multiple versions) contains hidden authentication backdoor

Nature of the Tenda Backdoor

  • Firmware contains a hardcoded “rzadmin” credential stored as sys.rzadmin.username/password, base64-encoded but trivial to decode.
  • The backdoor password works regardless of the normal admin password and appears not to be changeable via the UI.
  • The username is reportedly not validated; any username paired with the backdoor password is accepted.
  • Some describe it as so obvious it’s “more front door than back door.”

Firmware Analysis and Extra Functionality

  • Newer firmware images are OpenSSL‑encrypted, making auditing harder.
  • At least one unencrypted image shows rzadmin and a guest/guest pair in config files.
  • Binary analysis suggests:
    • The httpd login function explicitly checks sys.rzadmin.password before throwing a “password wrong” error.
    • An imsd component can upload logs including SSIDs, MACs, IPs, admin usernames, and has a function to retrieve the admin password.
    • A related library exposes a command set that looks like cloud management / remote debugging plumbing.

Malice vs. Incompetence

  • Split views:
    • Some see this as a debug/support convenience (forgotten in production), consistent with many low‑end vendors and past industry practice (default admin/admin, etc.).
    • Others argue that in security one should not default to “stupidity”; plausible deniability makes deliberate backdoors look like accidents.
  • Several security‑focused commenters state that, in their experience, the vast majority of vulnerabilities are unintentional, though intent is ultimately unclear here.

Trust in Router Vendors and Alternatives

  • Many say this reinforces distrust of closed, vendor firmware on consumer routers.
  • Strong support for:
    • Using OpenWrt or similar where possible.
    • Rolling your own router/firewall on commodity hardware (thin clients, mini‑PCs, old laptops) and using separate access points.
  • Some note trade‑offs: OpenWrt may not fully exploit proprietary Wi‑Fi features (MIMO/beamforming), and high‑speed (>1 Gbps) routing can push people toward closed, hardware‑accelerated boxes.

Broader Security and Policy Concerns

  • Backdoors in network gear affect not just the owner but the wider internet (botnets, DDoS, etc.).
  • Several note that similar issues exist across vendors and countries; blaming one geography alone is seen as simplistic.
  • Frustration that intentional or negligent backdoors face little legal consequence, while security researchers can face harsh penalties.