CVE Tools
Back to feed
BleepingComputer ·EN-US News source Patch releasedTenda FH1201Tenda W15ETenda AC10

Hidden backdoor in Tenda router firmware grants admin access

By Bill Toulas··2 min read
CVE Tools coverage

CERT/CC reports a hidden authentication backdoor in multiple Tenda router firmware builds, tracked as CVE-2026-11405 (and also referenced in the bulletin as CVE-2026-13753), that can grant full administrator access to the web management interface without needing the configured admin username. The issue affects Tenda devices including FH1201 (US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD), W15E (US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE), AC10 (US_AC10V1.0re_V15.03.06.46_multi_TDE01), AC5 (US_AC5V1.0RTL_V15.03.06.48_multi_TDE01), and AC6 V2 (US_AC6V2.0RTL_V15.03.06.51_multi_T). With no patch currently available, the practical impact is that attackers could reconfigure the device and weaken local-network security; users are advised to disable remote web management and reduce exposure to automated scanning.