A hidden backdoor found in select Tenda firmware has raised fresh concern about the security of home routers. The flaw, tracked as CVE-2026-11405, could let unauthorized users reach administrator access without valid credentials.
That is a serious issue because a router sits at the center of network traffic in both homes and small offices. If the gateway device is compromised, every connected device can face added risk.
What the flaw allows
CERT/CC said the issue involves a concealed authentication mechanism in the web login function of certain Tenda routers. The mechanism is not a simple software bug, but a special password stored inside the firmware configuration.
With that password, an attacker may enter the admin panel and receive full administrator privileges even if the owner set a different username or password. This kind of access opens the door to broad control over the device.
Models reported as affected
| Model | Reported status | Type of concern |
|---|---|---|
| Tenda FH1201 | Affected in certain firmware versions | Hidden backdoor in web login |
| Tenda W15E | Affected in certain firmware versions | Hidden backdoor in web login |
| Tenda AC10 | Affected in certain firmware versions | Hidden backdoor in web login |
| Tenda AC5 | Affected in certain firmware versions | Hidden backdoor in web login |
| Tenda AC6 V2 | Affected in certain firmware versions | Hidden backdoor in web login |
The list does not mean every unit is automatically exposed, but owners of these models should check the exact device and firmware version they are using. That distinction matters before any next step is taken.
Why the impact is broad
Routers control important functions such as user authentication, firewall settings, Wi-Fi configuration, and system administration. When the weakness sits at firmware level, the attacker may gain unusually wide control.
Once administrator access is taken over, the device could be used to change DNS settings and redirect users to phishing pages. It could also enable remote access, reroute traffic to malicious servers, or turn the router into part of a botnet for DDoS attacks.
In other cases, an intruder may monitor connection metadata and tamper with unencrypted traffic. That increases the chance of data exposure even if the internet connection still appears to work normally.
Why routers keep attracting attacks
Economical routers are often targeted because many users do not update firmware regularly. That habit lets older vulnerabilities remain in the field long after they are known.
Default factory credentials also create an easy opening when owners do not change them. If remote management stays enabled as well, the attack surface becomes even larger.
Vendor support cycles can make the problem worse. Once a device reaches end of life, security updates may stop, leaving no official fix for newly discovered flaws.
What users should do now
Reports say a formal patch for CVE-2026-11405 may not yet be available for every model. For that reason, users are being urged to reduce exposure through immediate mitigation.
The first step is to disable remote web management so the admin panel cannot be reached from the internet. Access should remain limited to the local network whenever possible.
Owners should also check Tenda’s support pages regularly for firmware updates. If a router is already old and no longer supported, replacing it with a model that still receives security updates is a practical option.
Basic router hygiene remains important as well. Use WPA2 or WPA3, turn off WPS and UPnP if they are not needed, and set a long, unique administrator password.
Regular checks of connected devices can help spot suspicious activity earlier. On a device that is often overlooked, that habit can be the difference between a safe network and a compromised one.
Source: mediaindonesia.com






