SecurityWeek ·EN-US News source AdvisoryTenda FirmwareHP Deskjet 2800 Series Printers
Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices
CVE Tools coverage
A security researcher uncovered an undocumented backdoor in several versions of Tenda firmware that allows attackers to gain administrative access to the device's web management interface. The flaw, tracked as CVE-2026-11405, resides in the login function of the web server binary and enables authentication bypass. Additionally, CERT/CC reported another vulnerability in HP Deskjet 2800 series printers (CVE-2026-13753), where unauthenticated access to API endpoints exposes sensitive information like Wi-Fi credentials and printer serial numbers. Both issues remain unpatched, and users are advised to disable remote web management and update their configurations to mitigate risks.