Hidden backdoor in Tenda routers goes unpatched as company ignores warnings from cybersecurity researchers — affected firmware allows admin access without a password
CERT/CC has disclosed a critical authentication backdoor affecting multiple Tenda router firmware versions.
Tracked as CVE-2026-11405, the flaw grants full administrator access without valid credentials, and no vendor patch is currently available after CERT failed to reach Tenda.