Vulnerability in Tenda Firmware
CVE-2026-11405
The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/Pas…
Affected products
- Tenda Firmware — versions US_AC6V2.0RTL_V15.03.06.51_multi_T, US_AC5V1.0RTL_V15.03.06.48_multi_TDE01, US_AC10V1.0re_V15.03.06.46_multi_TDE01
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2026-11405?
- CVE-2026-11405 is a vulnerability in Tenda Firmware, classified under CWE-912: HIDDEN FUNCTIONALITY. Published 2026-07-06.
- Is CVE-2026-11405 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.