Skip to content
Tech Trivia

Jin Daily Tech Trivia: China router secret admin backdoor

By

Jin Daily Tech Trivia: China router secret admin backdoor

Security researchers found an undocumented backdoor inside several T* router firmware versions.

Normally, when you enter the wrong admin password, the router should reject you.

But these routers secretly check a second password stored inside the firmware under:

sys.rzadmin.password

Match that hidden password and the router gives you full admin access.

The crazier part?

The username does not even matter.

This is not just a normal software bug. It is basically a hidden second login system that users cannot see or disable from the control panel.

Confirmed affected firmware includes models from the FH1201, W15E, AC10, AC5 and AC6 families, and we tested it work on the latest model sold in Malaysia as well.

Once inside, an attacker could change your DNS, redirect your internet traffic, disable security settings or use the router to attack other devices in your network.

And currently, there is still no patch because CERT/CC could not get a response from said company.

So, if you are using those cheap china router:

Disable remote web management immediately.

And honestly, if your model is affected, maybe it is time to replace the router.

Cheap router can be expensive when it becomes the front door to your entire network. 馃槄

CVE > https://www.cve.org/CVERecord?id=CVE-2026-11405

Jin Daily Tech Trivia: China router secret admin backdoor illustration

Related trivia