These popular Tenda routers have an unpatched security backdoor that can allow hackers access


  • CERT/CC Reveals CVE-2026-11405, a Critical 9.8/10 Vulnerability in Multiple Tenda Router Families Caused by a Hardcoded Credential Backdoor
  • Attackers can bypass normal login checks and gain full administrator access with the hidden password, regardless of configured username or password
  • Tenda has not responded; CERT/CC recommends disabling web remote control and limiting local exposure, although these are only partial restrictions

Several Tenda router families have a critical vulnerability that allows malicious actors to log in with administrator privileges without knowing the credentials, experts have found.

The CERT Coordination Center disclosed a vulnerability in Tenda routers, which it described as an undocumented authentication backdoor caused by a hard-coded credential.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top