Submission #751314: Beetel 777VR1 Firmware Versions: V01.00.09 / V01.00.09_55 CWE-521, CWE-307 Information

Title: Beetel 777VR1 Firmware Versions: V01.00.09 / V01.00.09_55 CWE-521, CWE-307
Description:
Beetel 777VR1 Broadband Router Web Management Interface Uses Hardcoded Default Credentials and Allows Unlimited Brute-Force Authentication Attempts

Affected Product
Product: Beetel 777VR1 Broadband Router
Firmware Versions: V01.00.09 / V01.00.09_55
Component: Web Management Console

Vulnerability Classification
- CWE-521 – Weak Password Requirements
- CWE-798 – Use of Hard-coded Credentials
- CWE-307 – Improper Restriction of Excessive Authentication Attempts
- OWASP A2 – Broken Authentication

Vulnerability Description
The Beetel 777VR1 broadband router exposes a web-based management console protected by username-and-password authentication. The interface accepts vendor-supplied default credentials (admin / password) that are widely known and publicly documented. The firmware does not enforce a mandatory password change upon first login and treats these credentials as valid production credentials.

In addition, the web management interface does not implement any rate limiting, account lockout, authentication delay, or attempt throttling mechanisms. As a result, the interface permits an unlimited number of authentication attempts, making it trivially susceptible to brute-force and credential-stuffing attacks.

The default credentials remain valid across production firmware versions and grant full administrative access to the router's management interface. Through this interface, an authenticated user can modify system configuration, manage network services, enable or disable remote access protocols, and indirectly influence low-level system behavior.

An attacker with network access to the management interface (typically from the LAN side, or from the WAN if the interface is exposed or misconfigured) can authenticate using the default credentials or brute-force authentication attempts without restriction, resulting in complete administrative compromise of the device.

Impact
Successful exploitation allows an attacker to:
- Gain full administrative control over the router
- Perform unlimited brute-force authentication attempts without detection or restriction
- Modify network configuration (LAN/WAN, DHCP, DNS, routing)
- Use the router as a pivot point for lateral movement or further network attacks

This vulnerability compromises the confidentiality, integrity, and availability of the affected device and any networks it services.

Severity
CRITICAL

Attack Vector
Attack Type: Network-based
Access Requirements: Network access to the web management interface
Privileges Required: None
User Interaction: None

Reproduction Steps
Please see: https://gist.github.com/raghav20232023/d8dcaaa76e71790f77f8d3ea714d2afc

Also see: The following videos have been created to demonstrate the exploit, in addition to the documentation given above. They can be found in the folder at: https://drive.google.com/drive/folders/1sGMu4Ln_5YuIJX87y7yRaZuTredYBQrc?usp=sharing
- 777VR1NoRateLimitingDemonstration.webm (most important): https://drive.google.com/file/d/1r9dh-Lns-SVId2WQ7eWVAkFXdOeDh4dX/view?usp=sharing
- 777VR1_webconsole_weakPasswordAndDefaultCreds.webm: https://drive.google.com/file/d/1G71A9dS9jx4wCrtHkIAAkP41hfWk4G-l/view?usp=sharing

Security Recommendations
- Remove static default credentials from production firmware
- Enforce mandatory password change on first login
- Generate unique per-device credentials during manufacturing or provisioning
- Implement rate limiting, authentication delays, or account lockout mechanisms
- Restrict management interface exposure to trusted networks only

Author and Credit
RAGHAV AGRAWAL

Notes for CNA (VulDB)
This vulnerability is distinct from UART-based default credential exposure, which affects a different trust boundary and access vector. The network-accessible web management interface, combined with unrestricted brute-force capability, represents a separate vulnerability.
Source: https://gist.github.com/raghav20232023/d8dcaaa76e71790f77f8d3ea714d2afc
User: raghav_2026 (UID 94388)
Submitted: 2026-02-03 19:28 (4 months ago)
Moderation: 2026-02-17 08:00 (14 days later)
Status: Accepted
VulDB Entry: 346266 [Beetel 777VR1 up to 01.00.09 Web Management Interface weak authentication]
Points: 20
