Tenda routers ship a hidden backdoor password — CVE-2026-11405 unpatched
CERT/CC disclosed CVE-2026-11405 on July 6: five Tenda firmware images ship a plaintext strcmp() backdoor in /bin/httpd. Tenda didn't respond and no patch is available.
CERT/CC disclosed CVE-2026-11405 on July 6: five Tenda firmware images ship a plaintext strcmp() backdoor in /bin/httpd. Tenda didn't respond and no patch is available.