Multiple Tenda router firmware versions contain an undocumented authentication backdoor that allows attackers to bypass login and gain full administrative access, according to a recent report by Security Affairs.The vulnerability, tracked as CVE-2026-11405, resides in the login function of the router's web server binary. If the normal password check fails, the system attempts to retrieve a hidden password from the device configuration and compares it directly with the user-supplied password. Any username can be used with this backdoor password to achieve administrative privileges, completely bypassing the owner's set credentials. Affected models include the FH1201, W15E, AC10, AC5, and AC6.Successful exploitation grants attackers full control, enabling them to redirect traffic, disable security features, or use the router as a pivot point into the connected network. The backdoor is hardcoded into the firmware and cannot be disabled through the management interface. CERT/CC recommends disabling remote management and changing the default LAN IP address as interim mitigations until Tenda releases a patch, though the vendor has not yet responded.Source: Security Affairs
Network Security
Tenda routers have unpatched backdoor vulnerability, CERT/CC warns

(Adobe Stock)
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



