securityaffairs.com 7/7/2026, 10:41:02 AM · external

Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available

Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available
Developing story breach 3 articles tracked
Tenda router authentication backdoor (CVE-2026-11405) allows admin access
CyberSIXT Evidence Panel
Primary Source kb.cert.org
CISA KEV Not in KEV
Patch Patch Status Unknown

CERT /CC has issued a warning about an unpatched backdoor vulnerability found in multiple versions of Tenda routers, identified as CVE-2026-11405. The flaw allows attackers to bypass login credentials and gain full administrative access to the router's web management interface by utilizing a hidden password. This vulnerability affects various product lines including the FH1201, W15E, AC10, AC5, and AC6. The authentication backdoor is embedded in the firmware, and Tenda has not provided a timeline for a fix. Users are advised to disable remote management and change default LAN IP addresses to mitigate the risk.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline