Securityaffairs.Co
Critical Backdoor Vulnerability in Tenda Routers Exposes Admin Access
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A critical vulnerability, CVE-2026-11405, has been discovered in multiple Tenda router firmware versions, allowing unauthenticated attackers to gain full administrative control via a hidden backdoor. This flaw exists in the /bin/httpd binary, where the login() function bypasses standard authentication mechanisms by retrieving a hidden password from device configurations. Affected models include the FH1201, W15E, AC10, AC5, and AC6 series. No patch is currently available, and exploitation attempts are already underway, with automated scanners probing for vulnerable devices. Security advisories recommend disabling remote management and changing default LAN IPs to mitigate risks. The vulnerability has been confirmed by CERT/CC, and public proof-of-concept code has emerged, further escalating the threat landscape.
Key Points: • CVE-2026-11405 allows full admin access to Tenda routers without valid credentials. • No patch is available, and exploitation attempts are actively occurring in the wild. • Security teams are advised to disable remote management and change default LAN IPs.