Hidden backdoor in Tenda router firmware grants admin access

Hidden backdoor in Tenda router firmware grants admin access
A hidden authentication backdoor in multiple Tenda router firmware versions can let an attacker gain full administrative access to the web management panel by supplying a special password. CERT/CC says CVE-2026-11405 affects several Tenda routers, no patch is available yet, and users are advised to disable remote web management and reduce LAN exposure. #Tenda #CVE-2026-11405 #CERTCC

Keypoints

  • A hidden authentication backdoor exists in multiple Tenda router firmware versions.
  • The flaw is tracked as CVE-2026-11405.
  • The backdoor checks a plaintext password from sys.rzadmin.password after normal login fails.
  • Successful use grants administrator access to the router web interface.
  • No patch is available, so users should disable remote web management and limit LAN exposure.

Read More: https://www.bleepingcomputer.com/news/security/hidden-backdoor-in-tenda-router-firmware-grants-admin-access/