Submit #739384: Beetel Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 CWE-521 — Weak Password Requirementsinfo

TitelBeetel Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 CWE-521 — Weak Password Requirements
BeschreibungTitle Use of Hard-Coded Default Credentials on UART Diagnostic Interface Affected Product Product: Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 Distribution: ISP-provisioned firmware Vulnerability Type Authentication Bypass via Default Credentials CWE CWE-521 — Weak Password Requirements Severity High Attack Vector Physical (UART) Description The Beetel 777VR1 router exposes a UART-based diagnostic interface protected by authentication. The interface accepts well-known, vendor-supplied default credentials (admin / password) and does not enforce a mandatory password change on first use. The default credentials remain valid in production firmware and provide access to a privileged diagnostic environment, including shell access and system-level commands. An attacker with physical access to the UART interface can authenticate using publicly known credentials, resulting in unauthorized administrative access. Proof : Please see proof with screenshots in detail at : https://gist.github.com/raghav20232023/9c51cbd91f3798b1c10f3f30fb631633 Impact Unauthorized administrative access, configuration manipulation, information disclosure, and potential full system compromise. Preconditions Physical access to the UART interface Device running affected firmware Mitigation Remove default credentials from production firmware Enforce mandatory password change on first login Require strong, user-defined credentials Credit Discovered and reported by: RAGHAV AGRAWAL
Quelle⚠️ https://gist.github.com/raghav20232023/9c51cbd91f3798b1c10f3f30fb631633
Benutzer
 raghav_2026 (UID 94388)
Einreichung14.01.2026 22:52 (vor 3 Monaten)
Moderieren25.01.2026 10:43 (10 days later)
StatusAkzeptiert
VulDB Eintrag342797 [Beetel 777VR1 bis 01.00.09/01.00.09_55 UART Interface schwache Authentisierung]
Punkte20

ZurückÜbersichtWeiter

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!