Submit #739384: Beetel Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 CWE-521 — Weak Password Requirements

Information

Title: Beetel Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 CWE-521 — Weak Password Requirements

Description:

Title
Use of Hard-Coded Default Credentials on UART Diagnostic Interface

Affected Product
Product: Beetel 777VR1 Broadband Router
Firmware Version: V01.00.09 / V01.00.09_55
Distribution: ISP-provisioned firmware

Vulnerability Type
Authentication Bypass via Default Credentials

CWE
CWE-521 — Weak Password Requirements

Severity
High

Attack Vector
Physical (UART)

Description
The Beetel 777VR1 router exposes a UART-based diagnostic interface protected by authentication. The interface accepts well-known, vendor-supplied default credentials (admin / password) and does not enforce a mandatory password change on first use.

The default credentials remain valid in production firmware and provide access to a privileged diagnostic environment, including shell access and system-level commands.

An attacker with physical access to the UART interface can authenticate using publicly known credentials, resulting in unauthorized administrative access.

Proof
Please see proof with screenshots in detail at: https://gist.github.com/raghav20232023/9c51cbd91f3798b1c10f3f30fb631633

Impact
Unauthorized administrative access, configuration manipulation, information disclosure, and potential full system compromise.

Preconditions
- Physical access to the UART interface
- Device running affected firmware

Mitigation
- Remove default credentials from production firmware
- Enforce mandatory password change on first login
- Require strong, user-defined credentials

Credit
Discovered and reported by: RAGHAV AGRAWAL

Source: https://gist.github.com/raghav20232023/9c51cbd91f3798b1c10f3f30fb631633
User: raghav_2026 (UID 94388)
Submission: 14.01.2026 22:52 (3 months ago)
Moderation: 25.01.2026 10:43 (10 days later)
Status: accepted
VulDB entry: 342797 [Beetel 777VR1 up to 01.00.09/01.00.09_55 UART Interface weak authentication]
Points: 20
