CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
CERT/CC warned that several Tenda firmware versions contain an undocumented authentication backdoor tracked as CVE-2026-11405, allowing attackers to bypass password checks and gain full administrative access to the web management interface. The flaw is still unpatched, and users are advised to disable remote management and change the default LAN IP address to reduce exposure. #Tenda #CVE-2026-11405 #CERTCC

Keypoints

  • Several Tenda firmware versions contain an undocumented admin backdoor.
  • The issue is tracked as CVE-2026-11405 by CERT/CC.
  • An attacker can bypass password verification and obtain full administrative control.
  • The backdoor uses the rzadmin password stored in device configuration.
  • The vulnerability is unpatched, and users should disable remote management and change the default LAN IP.

Read More: https://thehackernews.com/2026/07/certcc-warns-of-hidden-admin-backdoor.html