Security · 2h ago
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
CERT/CC disclosed an undocumented authentication backdoor in multiple Tenda router firmware versions, tracked as CVE-2026-11405. The flaw allows attackers to bypass password verification and gain administrative access to the device's web management interface. Tenda has not yet released a patch for the vulnerability.
Meridian48 take
The backdoor's deliberate embedding raises serious supply chain security concerns, especially given Tenda's market presence in consumer and small-business networking.
Read the full reporting
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware →
The Hacker News
tenda-backdoorrouter-vulnerability