A security researcher has identified an undocumented backdoor in various Tenda firmware versions, allowing unauthorized administrative access to devices' web management interfaces. This vulnerability, tracked as CVE-2026-11405, affects Tenda routers, switches, and networking devices. The flaw facilitates authentication bypass due to the login mechanism's failure to validate usernames properly. Consequently, attackers can modify configurations and disable security features.
The CERT Coordination Center (CERT/CC) notes that no patch is available, urging users to disable remote web management and change default IP addresses to minimize risks. Additionally, CERT/CC disclosed another vulnerability in HP Deskjet 2800 series printers (CVE-2026-13753), enabling unauthorized access to sensitive admin data without authentication. No patch for this flaw has been released either.