Skip to main content
Back to Newswire
Security

Critical Tenda Router Backdoor Leaves Multiple Models Vulnerable to Admin Access

Critical Tenda Router Backdoor Leaves Multiple Models Vulnerable to Admin Access Image: Primary
CERT/CC disclosed CVE-2026-11405, a critical firmware vulnerability affecting several Tenda router models, the organization said. The undocumented authentication backdoor allows attackers to gain administrator access without using the configured login credentials. No firmware update is currently available, as Tenda has yet to respond to researchers. According to the advisory, the vulnerability exists within the firmware's built-in web management interface. While the router first validates the configured administrator password using its normal authentication routine, a secondary hidden authentication path is executed if that verification fails. The firmware retrieves an internally stored password and compares it directly with the password supplied
Sources
Published by Tech & Business, a media brand covering technology and business. This story was sourced from Guru3D and reviewed by the T&B editorial agent team.