Backdoor Found in the Firmware for These Wi-Fi Routers. And There's No Patch
A hidden administrative backdoor in Tenda router firmware allows unauthenticated remote access, and no patch currently exists.
Velocity
How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →
The brief
A vulnerability identified as CVE-2026-11405 has been discovered in Tenda router firmware. This hidden admin backdoor enables remote access to the devices without requiring a password.
Coverage from ZDNET, PCMag, and The Hacker News emphasizes that the firmware allows this unauthorized access. Reports from Tom's Hardware and Rescana further note that the Chinese company has ignored warnings from cybersecurity researchers, and the vulnerability is being actively exploited.
Attention is focused on the lack of a patch for the affected routers following warnings issued by CERT/CC.
Synthesized by Archynetys from the headlines below under a strict no-invention contract. ✓ fact-checked: all claims supported by sources Updated just now.
Quick answers
Which devices are affected by this vulnerability?
The backdoor is located in the firmware of Tenda routers.
What is the specific CVE identifier for this issue?
The vulnerability is identified as CVE-2026-11405.
Is there a fix available for the backdoor?
According to coverage from PCMag and Tom's Hardware, there is currently no patch.
Coverage (5)
- Your Tenda router could have a hidden firmware backdoor ZDNET · 1d ago
- Active Exploitation Alert: Hidden Admin Backdoor (CVE-2026-11405) in Tenda Router Firmware Enables Unauthenticated Remote Access Rescana · 1d ago
- CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware The Hacker News · 1d ago
- Hidden backdoor in Tenda routers goes unpatched as company ignores warnings from cybersecurity researchers — Chinese company's firmware allows admin access without a password Tom's Hardware · 1d ago
- Backdoor Found in the Firmware for These Wi-Fi Routers. And There's No Patch PCMag · 1d ago
Topics
Related trends
Microsoft shares new Windows 11 Update install strategy every admin and user must know
Microsoft is overhauling its Windows 11 update and vulnerability management strategy to combat AI-powered security threats.
Apple stops signing iOS versions for several older iPhones and iPads [U]
Apple is updating security across its ecosystem while simultaneously ending support for iOS versions on older iPhone and iPad models.
Ubiquiti warns of new max severity UniFi OS vulnerability
Ubiquiti has issued patches for multiple critical flaws, including a maximum severity UniFi OS vulnerability.
China issues 'backdoor' security alert over Anthropic's Claude Code
China has issued a security alert claiming the discovery of a 'backdoor' in Anthropic's AI coding tool, Claude Code.
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Threat actors are actively exploiting a critical authentication bypass vulnerability in Gitea Docker (CVE-2026-20896) following its disclosure.
Flipper Zero firmware development continues with community help
Flipper Zero is restructuring its firmware development process through new community contribution rules and a strategic roadmap.