securityonline.info 7/7/2026, 5:58:26 AM · external

Tenda routers hit by CVE-2026-11405 backdoor giving admin control

Tenda routers hit by CVE-2026-11405 backdoor giving admin control
CyberSIXT Evidence Panel
Primary Source kb.cert.org
CISA KEV Not in KEV
Patch Patch Status Unknown

TENDA routers have a critical vulnerability identified as CVE-2026-11405, which includes a hidden authentication backdoor granting full administrative access to attackers. Currently, there is no confirmed exploitation or public proof-of-concept. Affected firmware versions include several Tenda models, which if breached, allow attackers to gain control over network settings and security features. Mitigation measures include disabling remote web management and changing the default LAN IP address. The situation emphasizes the need for immediate action as Tenda has not released a patch.

View Primary Source Via securityonline.info

Article by CyberSIXT