Submit #739384: Beetel Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 CWE-521 — Weak Password Requirements (info)

Title: Beetel Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 CWE-521 — Weak Password Requirements
Description:

Title: Use of Hard-Coded Default Credentials on UART Diagnostic Interface

Affected Product
Product: Beetel 777VR1 Broadband Router
Firmware Version: V01.00.09 / V01.00.09_55
Distribution: ISP-provisioned firmware

Vulnerability Type: Authentication Bypass via Default Credentials

CWE: CWE-521 — Weak Password Requirements

Severity: High

Attack Vector: Physical (UART)

Description
The Beetel 777VR1 router exposes a UART-based diagnostic interface protected by authentication. The interface accepts well-known, vendor-supplied default credentials (admin / password) and does not enforce a mandatory password change on first use. The default credentials remain valid in production firmware and provide access to a privileged diagnostic environment, including shell access and system-level commands. An attacker with physical access to the UART interface can authenticate using publicly known credentials, resulting in unauthorized administrative access.

Proof: Please see proof with screenshots in detail at: https://gist.github.com/raghav20232023/9c51cbd91f3798b1c10f3f30fb631633

Impact
Unauthorized administrative access, configuration manipulation, information disclosure, and potential full system compromise.

Preconditions
- Physical access to the UART interface
- Device running affected firmware

Mitigation
- Remove default credentials from production firmware
- Enforce mandatory password change on first login
- Require strong, user-defined credentials

Credit
Discovered and reported by: RAGHAV AGRAWAL
Source: https://gist.github.com/raghav20232023/9c51cbd91f3798b1c10f3f30fb631633
User: raghav_2026 (UID 94388)
Submission: 14/01/2026 22:52 (3 months ago)
Moderation: 25/01/2026 10:43 (10 days later)
Status: Accepted
VulDB Entry: 342797 [Beetel 777VR1 up to 01.00.09/01.00.09_55 UART Interface weak authentication]
Points: 20