Hidden backdoor in Tenda routers goes unpatched as company ignores warnings from cybersecurity researchers — Chinese company's firmware allows admin access without a password

CERT/CC has disclosed a critical authentication backdoor affecting multiple Tenda router firmware versions. Tracked as CVE-2026-11405, the flaw grants full administrator access without valid credentials, and no vendor patch is currently available after CERT failed to reach Tenda.
The disclosure of an unpatched critical vulnerability in widely used network hardware highlights ongoing cybersecurity risks and the challenges of managing supply chain integrity in technology.
This event underscores geopolitical tensions in technology supply chains and the potential for state-backed exploits, impacting national security and critical infrastructure.
The disclosure demonstrates a significant unresolved vulnerability in network infrastructure, increasing immediate security risks for users and presenting a potential vector for cyber espionage.
- · Cybersecurity firms
- · Western hardware manufacturers
- · Security-conscious enterprises
- · Tenda
- · Users of vulnerable Tenda routers
- · Organizations with weak cybersecurity posture
Immediate risks of unauthorized network access and data breaches for entities using affected Tenda routers.
Increased scrutiny and potential restrictions on Chinese-made networking hardware in sensitive sectors.
Enhanced efforts by governments and organizations to secure their supply chains and diversify away from potentially compromised vendors.
This signal links to a primary source. Continuum Brief monitors and indexes it as part of the live intelligence stream — we do not republish source content.
Read at Tom's Hardware