Security · 1h ago
Unpatched Tenda Router Backdoor Grants Admin Access Without Password
A critical authentication backdoor in multiple Tenda router firmware versions, tracked as CVE-2026-11405, allows full admin access without credentials. CERT/CC disclosed the flaw after failing to reach Tenda for a patch. No fix is available, leaving users vulnerable.
Meridian48 take
Tenda's silence on a known backdoor underscores the risks of unresponsive vendors in the IoT supply chain.
Read the full reporting
Hidden backdoor in Tenda routers goes unpatched as company ignores warnings from cybersecurity researchers — Chinese company's firmware allows admin access without a password →
Tom's Hardware
tenda-backdoorrouter-security