A hidden authentication backdoor has been found in multiple Tenda router firmware versions, potentially allowing an attacker to gain administrative access to the device's web management panel.

According to a security bulletin from the CERT Coordination Center, the issue remains unfixed because the Chinese maker of the networking equipment couldn't be reached.

CERT/CC says the issue, tracked as CVE-2026-11405, is caused by an undocumented authentication mechanism in the 'login()' function of the '/bin/httpd' web server binary.

If a user attempts to log in, the router firmware will perform standard MD5-based authentication. If that fails, it will retrieve an alternate password from the 'sys.rzadmin.password' configuration value and compare it directly to the plaintext password supplied by the remote user.

If the passwords match, the device grants administrator (role=2) access and creates a valid session, regardless of the username entered.