Critical Backdoor Vulnerability Found in Multiple Tenda Routers

A severe security flaw in various Tenda router models allows attackers to bypass login authentication using a hidden hardcoded password, risking unauthorized network access.

Critical Backdoor Vulnerability Found in Multiple Tenda Routers
Sarah Collins

Sarah Collins

Computing Editor

Specializes in PCs, laptops, components, and productivity-focused computing tech.

What is the Tenda router backdoor vulnerability?

Several Tenda router models contain a critical security flaw that allows attackers to bypass normal administrative login. This vulnerability stems from a hardcoded, hidden password embedded within the router firmware. If an attacker knows this password, they can gain full administrator access to the device without needing the legitimate user credentials.

This issue is classified as CVE-2026-11405 with a critical severity score of 9.8 out of 10. Importantly, the vulnerability is not limited to one model but affects multiple Tenda router families, including FH1201, W15E, AC10, AC5, AC6, and potentially others.

How does the vulnerability impact users and networks?

Hidden Backdoor in Tenda Router Firmware - BankInfoSecurity
Hidden Backdoor in Tenda Router Firmware - BankInfoSecurity

The flaw allows an attacker with local network access—or potentially remote access if remote management is enabled—to log into the router's web interface as an administrator using the hidden password, bypassing all configured login controls. This means attackers can alter router settings, intercept network traffic, redirect users to malicious websites, or further compromise connected devices.

Since the hidden password is embedded in the firmware, it can be extracted through reverse-engineering and may become available on underground forums or public sources, increasing the risk of exploitation.

What can Tenda router owners do to protect themselves?

Tenda has not issued a patch or official response to this vulnerability, leaving users exposed. Until a fix is released, the primary defensive measures include:

  • Disable remote web management: This limits the attack surface by preventing external access to the router's management interface.
  • Restrict local network access: Limit and monitor devices connected to your router, ensuring only trusted users and devices have access.
  • Consider replacing affected hardware: If possible, upgrade to routers from other manufacturers with strong security track records and timely updates.

These measures can reduce—but not completely eliminate—the risk, as the backdoor remains in the device firmware.

Why does this vulnerability matter for cybersecurity?

Tenda Left a Backdoor in Its Own Routers — and It Hands Out Full Admin -  Hardware Busters
Tenda Left a Backdoor in Its Own Routers — and It Hands Out Full Admin - Hardware Busters

Router security is a foundational aspect of network safety since these devices control internal and external traffic flow. Backdoors with administrative privileges undermine trust in network integrity and can lead to wide-ranging attacks including data theft, surveillance, or malware deployment.

Budget routers like those from Tenda are widely used in homes and small businesses, especially in some regions where the brand is popular. The lack of timely patches from manufacturers exacerbates the risk, making awareness and proactive mitigation crucial for users.

React to this story

Related Posts