www.securityweek.com 7/9/2026, 5:32:14 AM · external

Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices

Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices
Developing story vulnerability 4 articles tracked
Tenda router firmware backdoor (CVE-2026-11405) grants admin access
CyberSIXT Evidence Panel
Primary Source kb.cert.org
CISA KEV Not in KEV
Patch Patch Status Unknown

A security researcher has identified an undocumented backdoor in various Tenda firmware versions, allowing unauthorized administrative access to devices' web management interfaces. This vulnerability, tracked as CVE-2026-11405, affects Tenda routers, switches, and networking devices. The flaw facilitates authentication bypass due to the login mechanism's failure to validate usernames properly. Consequently, attackers can modify configurations and disable security features.

The CERT Coordination Center (CERT/CC) notes that no patch is available, urging users to disable remote web management and change default IP addresses to minimize risks. Additionally, CERT/CC disclosed another vulnerability in HP Deskjet 2800 series printers (CVE-2026-13753), enabling unauthorized access to sensitive admin data without authentication. No patch for this flaw has been released either.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline