Hidden Router Backdoor Exposes Australian Networks to Unauthorized Access

July 13, 2026 | CXO Junction

Leave a Comment / Cybersecurity, Data Protection, Enterprise Technology, Industry News / By cxojunction

A newly identified security flaw in certain Tenda networking products has prompted fresh warnings from cybersecurity analysts, as the weakness could allow attackers to take control of affected systems without requiring valid login credentials.

Unauthorized access vulnerability discovered in Tenda routers exposing Australian networks to hidden authentication risks.

The issue was uncovered by Carnegie Mellon University’s CERT Coordination Center, which found an undocumented authentication mechanism in multiple software versions powering the company’s routers, switches, and wireless access points sold in Australia. These products rely on a web-based management interface that normally protects administrative functions through username and password authentication.

According to the advisory, if the standard authentication process fails, the software checks an alternate password stored in the system configuration and compares it directly with the password entered by the user. A successful match grants administrator privileges and creates a valid session. The process also skips username verification, allowing any username to be accepted when paired with the alternate password. Once access is obtained, threat actors can modify settings, disable security protections, and further compromise the network.

The vulnerability, tracked as CVE-2026-11405, has also raised questions over the list of affected software versions. Security researcher Will Dormann noted that the versions mentioned in the advisory do not appear to contain the hidden authentication feature, although he confirmed that it is present in other releases. While the exact scope remains under review, experts agree that the security weakness exists and should not be ignored.

The discovery serves as a reminder that hidden authentication mechanisms can expose critical infrastructure to unauthorized access. Organizations using these networking products should disable remote management, restrict local network exposure, and apply security updates as they become available to reduce the risk of exploitation.

CXO Junction remains dedicated to providing you with exclusive insights into transformative leadership journeys. Stay tuned for more updates as we continue to bring industry news to you.

Source: Analysts warn of hidden backdoor in routers sold in Australia | cyberdaily.au | https://www.cyberdaily.au/security/13892-analysts-warn-of-hidden-backdoor-in-routers-sold-in-australia

Latest News