These popular Tenda routers have an unpatched security backdoor that could give hackers access


  • CERT/CC reveals CVE‑2026‑11405, a critical 9.8/10 flaw in multiple Tenda router families caused by a hardcoded backdoor identifier
  • Attackers can bypass normal login controls and gain full admin access with the hidden password, regardless of the username or password configured.
  • Tenda did not respond; CERT/CC advises disabling remote web management and limiting local exposure, although these are only partial mitigation measures.

Several families of Tenda routers feature a critical vulnerability that allows malicious actors to log in with administrator privileges without knowing credentials, experts have discovered.

The CERT Coordination Center revealed a vulnerability in Tenda routers that it described as an undocumented authentication backdoor caused by a hardcoded credential.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top