Securityaffairs.Co
Critical Backdoor in Tenda Firmware Exposes Devices to Unauthorized Access
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A serious vulnerability in multiple Tenda firmware versions has been disclosed, allowing attackers to exploit an undocumented authentication backdoor, tracked as CVE-2026-11405. This flaw enables unauthorized users to gain full administrative access to affected devices, including models FH1201, W15E, AC10, AC5, and AC6. The backdoor bypasses normal password verification, allowing any username paired with a specific hidden password to succeed. Currently, there is no patch available, and the vendor has not responded to requests for coordination. Users are advised to disable remote management and restrict local network exposure as mitigation strategies. The vulnerability was published by CERT/CC on July 6, 2026, and poses a significant risk to network security.
Key Points: • Tenda firmware contains a critical backdoor allowing full admin access without valid credentials. • The vulnerability affects multiple router models and is tracked as CVE-2026-11405. • No patch is available; users should disable remote management to mitigate risks.