These popular Tenda routers have an unpatched security backdoor that could give hackers access.



  • CERT/CC reveals CVE-2026-11405, a 9.8/10 critical flaw in multiple Tenda router families caused by a hard-coded backdoor credential
  • Attackers can bypass normal login checks and gain full administrator access with the password hidden, regardless of the configured username or password.
  • Tenda has not responded; CERT/CC recommends disabling remote web administration and limiting local exposure, although these are only partial mitigations.

Experts have discovered that several families of Tenda routers have a critical vulnerability that allows malicious actors to log in with administrator privileges without knowing the credentials.

The CERT Coordination Center revealed a vulnerability in Tenda routers that it described as an undocumented authentication backdoor caused by an encrypted credential.

Leave a Comment

Your email address will not be published. Required fields are marked *