Critical Undocumented Authentication Backdoor Found in Multiple Tenda Router Firmware Versions (CVE-2026-11405)
By
miniBill
Summary
CERT/CC has disclosed a critical vulnerability (CVE-2026-11405) in multiple versions of Tenda firmware, revealing an undocumented authentication backdoor. This backdoor allows attackers to bypass password verification and gain full administrative control over affected devices' web management interfaces without valid credentials. The vulnerability impacts several Tenda router models including FH1201, W15E, AC10, AC5, and AC6 running specific firmware versions.
Source
Key quotes
· 2 pulledSeveral versions of Tenda firmware contain an undocumented authentication backdoor that grants administrative access to the devices' web management interfaces.
An attacker can expoit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain full administrative control without valid credentials.
You might also wanna read
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
Hidden backdoor in Tenda router firmware grants admin access
Critical PTC Windchill Vulnerability CVE-2026-12569 Actively Exploited; CISA Orders Federal Remediation
CVE-2026-12569 is a critical vulnerability in PTC Windchill and FlexPLM caused by improper input validation, allowing remote unauthenticated
CVE-2026-5667: Unauthenticated Remote Control Vulnerability in Mitsubishi MAC-577IF-2E WiFi Air Conditioner Adapters
A security researcher discovered CVE-2026-5667, a critical vulnerability in Mitsubishi MAC-577IF-2E WiFi adapters used in air conditioners.
Critical KMW CCTV Vulnerability (CVE-2026-5386) Allows Remote Attackers to Hijack Camera Feeds
A critical security vulnerability (CVE-2026-5386) has been discovered in KMW CCTV security cameras, carrying a CVSS v3 score of 9.1. The fla
cybersecuritynews.com·1mo ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.