Tenda firmware (multiple versions) contains hidden authentication backdoor
A critical security vulnerability (CVE-2026-11405) has been discovered in multiple Tenda firmware versions, exposing a hidden authentication backdoor. This flaw allows attackers to bypass password verification and gain full administrative control over network devices.
menu icon-carat-right cmu-wordmark Home Notes Search Report a Vulnerability Disclosure Guidance VINCE Carnegie Mellon University Software Engineering Institute CERT Coordination Center Home Notes Search Report a Vulnerability Disclosure Guidance VINCE Home Notes Current: VU#213560 Tenda firmware (multiple versions) contains hidden authentication backdoor Vulnerability Note VU#213560 Original Release Date: 2026-07-06 | Last Revised: 2026-07-06 --> --> --> --> --> --> Overview Several versions of Tenda firmware contain an undocumented authentication backdoor that grants administrative access to the devices' web management interfaces. An attacker can expoit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain full administrative control without valid credentials.
Get the full story
Sign up for Headlinne to unlock AI insights, political bias analysis, and your personalized news feed.
Create free accountAlready have an account? Sign in