Vulnerability in Tenda Firmware

CVE-2026-11405

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/Pas…

Affected products

  • Tenda Firmware — versions US_AC6V2.0RTL_V15.03.06.51_multi_T, US_AC5V1.0RTL_V15.03.06.48_multi_TDE01, US_AC10V1.0re_V15.03.06.46_multi_TDE01

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2026-11405?
CVE-2026-11405 is a vulnerability in Tenda Firmware, classified under CWE-912: HIDDEN FUNCTIONALITY. Published 2026-07-06.
Is CVE-2026-11405 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.