These popular Tenda routers have an unpatched security backdoor which could give hackers access
- CERT/CC discloses CVE‑2026‑11405, a critical 9.8/10 flaw in multiple Tenda router families caused by a hardcoded backdoor credential
- Attackers can bypass normal login checks and gain full admin access with the hidden password, regardless of configured username or password
- Tenda has not responded; CERT/CC advises disabling remote web management and limiting local exposure, though these are only partial mitigations
Multiple Tenda router families carry a critical vulnerability that allows malicious actors to log in with admin privileges without knowing the credentials, experts have found.
The CERT Coordination Center disclosed a vulnerability in Tenda routers which it described as an undocumented authentication backdoor caused by a hardcoded credential.
The flaw is tracked as CVE-2026-11405 and was assigned a severity score of 9.8/10 (critical). CERT/CC allegedly tried reaching out to the manufacturer, to no avail.
How the vulnerability works
Explaining how it works, CERT/CC says that the attacker would first try to...
Copyright of this story solely belongs to techradar.com. To see the full text click HERE