Tenda Routers Have Unpatched Backdoor, Cybersecurity Researchers Warn
Multiple versions of Tenda router firmware are affected by a critical authentication backdoor, according to a disclosure from CERT/CC. The vulnerability, identified as CVE-2026-11405, allows unauthorized users to gain full administrator access to the routers without needing any credentials. Cybersecurity researchers have attempted to notify Tenda about this serious security flaw. However, the company has not yet released a patch to address the issue, leaving users exposed. CERT/CC has been unable to reach Tenda to ensure the vulnerability is fixed. This unpatched backdoor poses a significant risk to the security of home and small business networks that rely on Tenda devices.
The discovery of an unpatched authentication backdoor in Tenda routers highlights a critical gap in device security and vendor responsiveness. The vulnerability, CVE-2026-11405, permits unauthorized administrative access, potentially exposing user data and network integrity. The failure of Tenda, a significant hardware manufacturer, to address warnings from CERT/CC raises questions about their internal security protocols and commitment to customer safety. In an era of increasing cyber threats and interconnected devices, such oversights can have widespread implications, undermining trust in the Internet of Things ecosystem. Future product development and supply chain management must prioritize robust security testing and transparent communication channels with vulnerability researchers to prevent similar risks.
AI-generated to prompt reflection — not editorial opinion, not advice, not a statement of fact. How this works.