CERT/CC warns that multiple firmware versions from Chinese router manufacturer Tenda contain an undocumented authentication backdoor that can bypass normal login checks. According to the reports, the flaw is tracked as CVE-2026-11405 and affects the devices’ web management interface, potentially allowing an attacker to gain administrative access without valid credentials.
The issue is described as a hidden backdoor mechanism embedded in the firmware, which can be triggered to circumvent password verification. Bleeping Computer and The Hacker News both report that the backdoor could enable unauthorized control of the router’s management panel if exploited.
Both sources frame the finding as a security risk impacting affected firmware releases and note that exploitation would require an attacker to reach the management interface in a way that permits the backdoor’s use. The warnings urge attention to the vulnerability and appropriate mitigations, such as identifying whether a given device runs affected firmware and applying any available vendor fixes or updates.