Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

CERT/CC warns of hidden admin backdoor in Tenda router firmware

(Lan Gao / Unsplash)

By Ravie Lakshmanan

Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices’ web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday.

“An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain full administrative control without valid credentials,” the CERT/CC said in an alert.

The backdoor functionality is present within the “login()” function of the “/bin/httpd” web server binary. While the method initially follows a normal authentication path using MD5-based password verification, it activates an alternate code path if the authentication fails.

Read more at The Hacker News

Click to listen highlighted text!