Critical Backdoor Vulnerability in Tenda Routers Exposes Admin Access

Critical Backdoor Vulnerability in Tenda Routers Exposes Admin Access

First seen 7 Jul 2026, 12:27 UTC Kb.CertThehackernewsCybersecuritynewsSecurityaffairs.CoRescana+5 87% similarity 69.9

Article Content

Browse articles
ThreatCluster

A critical vulnerability, CVE-2026-11405, has been discovered in multiple Tenda router firmware versions, allowing unauthenticated attackers to gain full administrative control via a hidden backdoor. This flaw exists in the /bin/httpd binary, where the login() function bypasses standard authentication mechanisms by retrieving a hidden password from device configurations. Affected models include the FH1201, W15E, AC10, AC5, and AC6 series. No patch is currently available, and exploitation attempts are already underway, with automated scanners probing for vulnerable devices. Security advisories recommend disabling remote management and changing default LAN IPs to mitigate risks. The vulnerability has been confirmed by CERT/CC, and public proof-of-concept code has emerged, further escalating the threat landscape.

Key Points: • CVE-2026-11405 allows full admin access to Tenda routers without valid credentials. • No patch is available, and exploitation attempts are actively occurring in the wild. • Security teams are advised to disable remote management and change default LAN IPs.

ThreatCluster AI

Timeline

2026-07-06
CVE-2026-11405 published
CERT/CC disclosed a critical backdoor vulnerability in Tenda router firmware, enabling unauthorized admin access.
Kb.Cert
2026-07-07
First public PoC released
Public proof-of-concept code for exploiting CVE-2026-11405 was made available, increasing exploitation risks.
Rescana
Recent
Automated scanning reported
Security teams have observed automated scanners targeting vulnerable Tenda routers, indicating active exploitation.
Bleepingcomputer

Community

Browse all →