
CERT Warns of Unpatched Tenda Firmware Backdoor Allowing Admin Access
The CERT Coordination Center (CERT/CC) has disclosed a critical security issue affecting multiple Tenda networking devices. Tracked as CVE-2026-11405, the vulnerability stems from an undocumented backdoor in Tenda firmware that allows unauthenticated attackers to gain administrative access to a device’s web management interface. The flaw remains unpatched, prompting CERT to recommend immediate mitigation measures for affected users.
According to CERT, the vulnerability impacts multiple Tenda routers, switches, and other networking products. Security researchers discovered the issue within the login function of the device’s web server binary, where the authentication process contains logic ...