Network Security

Tenda routers have unpatched backdoor vulnerability, CERT/CC warns

Cybersecurity Alert Critical System Vulnerability Detected

Multiple Tenda router firmware versions contain an undocumented authentication backdoor that allows attackers to bypass login and gain full administrative access, according to a recent report by Security Affairs.

The vulnerability, tracked as CVE-2026-11405, resides in the login function of the router's web server binary. If the normal password check fails, the system attempts to retrieve a hidden password from the device configuration and compares it directly with the user-supplied password. Any username can be used with this backdoor password to achieve administrative privileges, completely bypassing the owner's set credentials. Affected models include the FH1201, W15E, AC10, AC5, and AC6.

Successful exploitation grants attackers full control, enabling them to redirect traffic, disable security features, or use the router as a pivot point into the connected network. The backdoor is hardcoded into the firmware and cannot be disabled through the management interface. CERT/CC recommends disabling remote management and changing the default LAN IP address as interim mitigations until Tenda releases a patch, though the vendor has not yet responded.

Source: Security Affairs

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds