Submission #739399: Beetel Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 CWE-307 Improper Restriction - Excessive Authentication Attempts (Info)

Title: Beetel Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 CWE-307 Improper Restriction - Excessive Authentication Attempts
Description:

Title: Missing Brute-Force Protection on UART Diagnostic Authentication Mechanism

Affected Product
Product: Beetel 777VR1 Broadband Router
Firmware Version: V01.00.09 / V01.00.09_55
Distribution: ISP-provisioned firmware

Vulnerability Type: Improper Authentication Attempt Restriction
CWE: CWE-307 (Improper Restriction of Excessive Authentication Attempts)
Severity: Critical
Attack Vector: Physical (UART)

Description
The UART-based diagnostic authentication mechanism on the Beetel 777VR1 router does not implement any form of brute-force protection. The interface allows unlimited authentication attempts without rate limiting, delay, CAPTCHA, or account lockout. An attacker with physical access can repeatedly attempt credentials without restriction, enabling credential guessing or brute-force attacks against administrative accounts. This weakness exists regardless of password strength and significantly reduces the effort required to obtain unauthorized access.

Proof: see https://gist.github.com/raghav20232023/19900b427445adf37f64ae953611bfce
A screenshot and a Google Drive link to a video reproducing the vulnerability have been added there.

Impact
Increased likelihood of successful credential compromise, leading to unauthorized diagnostic shell access.

Preconditions
- Physical access to the UART interface
- Device running affected firmware

Exploitability
High. Unlimited attempts enable rapid brute-force or credential-stuffing attacks.

Mitigation
- Implement authentication rate limiting
- Introduce exponential back-off or fixed delays
- Lock accounts after repeated failed attempts
- Log and alert on repeated authentication failures

Credit: Discovered and reported by RAGHAV AGRAWAL
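The mitigation list above, carried into a single login gate for a UART diagnostic console. This is an added example, not Beetel's firmware code; the expected password, the five-failure lockout threshold, the 1 s base delay with a 60 s cap, and the stderr log sink are assumptions chosen for illustration.

```c
/* Added example: CWE-307-resistant authentication gate for a UART console.
 * Not vendor code; thresholds, delays and the log sink are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FAILURES  5        /* lock the console after this many failures */
#define BASE_DELAY_MS 1000     /* back-off after the first failure */
#define MAX_DELAY_MS  60000    /* cap so the back-off never grows unbounded */

typedef struct {
    unsigned failures;         /* consecutive failed attempts */
    bool     locked;           /* set once MAX_FAILURES is reached */
    uint32_t next_delay_ms;    /* delay the caller must enforce before re-prompting */
} auth_state_t;

/* Constant-time compare so response timing does not leak matching prefix length. */
static bool secret_equal(const char *a, const char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

static void auth_log(const char *event, unsigned failures) {
    /* In firmware this would go to persistent syslog; stderr stands in here. */
    fprintf(stderr, "uart-auth: %s (consecutive failures=%u)\n", event, failures);
}

void auth_init(auth_state_t *s) {
    s->failures = 0; s->locked = false; s->next_delay_ms = 0;
}

/* Returns 1 on success, 0 on a bad credential, -1 while locked out.
 * After a 0 the caller sleeps s->next_delay_ms before showing the prompt again. */
int auth_attempt(auth_state_t *s, const char *supplied, const char *expected) {
    if (s->locked) { auth_log("attempt while locked", s->failures); return -1; }
    size_t n = strlen(expected);
    bool ok = strlen(supplied) == n && secret_equal(supplied, expected, n);
    if (ok) {
        auth_log("login ok", s->failures);
        s->failures = 0; s->next_delay_ms = 0;
        return 1;
    }
    s->failures++;
    /* Exponential back-off: 1 s, 2 s, 4 s, ... capped at MAX_DELAY_MS. */
    uint64_t d = (uint64_t)BASE_DELAY_MS << (s->failures - 1);
    s->next_delay_ms = d > MAX_DELAY_MS ? MAX_DELAY_MS : (uint32_t)d;
    if (s->failures >= MAX_FAILURES) { s->locked = true; auth_log("console locked", s->failures); }
    else auth_log("bad credential", s->failures);
    return 0;
}
```

The lockout is held only in RAM here; on a real device the failure counter should survive a reboot, since otherwise a power-cycle resets the back-off.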
Source: https://gist.github.com/raghav20232023/19900b427445adf37f64ae953611bfce
User: raghav_2026 (UID 94388)
Submitted: 2026-01-14 11:15 PM (3 months ago)
Moderation: 2026-01-25 10:43 AM (10 days later)
Status: Accepted
VulDB entry: 342798 [Beetel 777VR1 up to 01.00.09/01.00.09_55 UART Interface information disclosure]
Points: 20
