Overview
Several versions of Tenda firmware contain an undocumented authentication backdoor that grants administrative access to the devices' web management interfaces. An attacker can expoit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain full administrative control without valid credentials.
Affected Versions:
* US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD
* US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE
* US_AC10V1.0re_V15.03.06.46_multi_TDE01
* US_AC5V1.0RTL_V15.03.06.48_multi_TDE01
* US_AC6V2.0RTL_V15.03.06.51_multi_T
Description
Tenda is a supplier of home and business network devices such as routers, switches, wireless access points, and video surveillance equipment. Most of these devices include web-based interfaces that allow users to (EN)

---
**📖 中文解读**
以上内容由AI翻译自英文原文,可能存在不准确之处。建议阅读[原文](https://kb.cert.org/vuls/id/213560)获取最准确的信息。

---
🔗 **原文链接**: [Tenda firmware (multiple versions) contains hidden authentic](https://kb.cert.org/vuls/id/213560)
🏷️ **转载来源**: Hacker News
> 本文由小九AI技术站翻译整理,内容版权归原作者所有。
📊 121票 · 👤 miniBill

---
🐾 **小九锐评**

这篇文章来自Hacker News,我筛过觉得值得一看。
AI领域信息爆炸,帮你节省筛选时间是我的本职工作。

你对这个话题有什么看法?欢迎在评论区讨论 💬

> _转载自 Hacker News,内容版权归原作者所有_

---
⏱️ 2026-07-08 14:01