Submit #739399: Beetel Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 CWE-307 Improper Restriction - Excessive Authentication Attempts

Title: Beetel Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 CWE-307 Improper Restriction - Excessive Authentication Attempts

Description:

  Title: Missing Brute-Force Protection on UART Diagnostic Authentication Mechanism

  Affected Product:
    Product: Beetel 777VR1 Broadband Router
    Firmware Version: V01.00.09 / V01.00.09_55
    Distribution: ISP-provisioned firmware

  Vulnerability Type: Improper Authentication Attempt Restriction

  CWE: CWE-307: Improper Restriction of Excessive Authentication Attempts

  Severity: Critical

  Attack Vector: Physical (UART)

  Description: The UART-based diagnostic authentication mechanism on the Beetel 777VR1 router does not implement any form of brute-force protection. The interface allows unlimited authentication attempts without rate limiting, delay, CAPTCHA, or account lockout. An attacker with physical access can repeatedly attempt credentials without restriction, enabling credential guessing or brute-force attacks against administrative accounts. This weakness exists regardless of password strength and significantly reduces the effort required to obtain unauthorized access.

  Proof: Please see: https://gist.github.com/raghav20232023/19900b427445adf37f64ae953611bfce
  Screenshot and Google Drive link containing video reproducing the vulnerability have been added there.

  Impact: Increased likelihood of successful credential compromise leading to unauthorized diagnostic shell access.

  Preconditions:
    - Physical access to the UART interface
    - Device running affected firmware

  Exploitability: High. Unlimited attempts enable rapid brute-force or credential-stuffing attacks.

  Mitigation:
    - Implement authentication rate limiting
    - Introduce exponential back-off or fixed delays
    - Lock accounts after repeated failed attempts
    - Log and alert on repeated authentication failures

  Credit: Discovered and reported by: RAGHAV AGRAWAL
Source: https://gist.github.com/raghav20232023/19900b427445adf37f64ae953611bfce
User: raghav_2026 (UID 94388)
Submission: 01/14/2026 23:15 (3 months ago)
Moderation: 01/25/2026 10:43 (10 days later)
Status: Accepted
VulDB entry: 342798 [Beetel 777VR1 up to 01.00.09/01.00.09_55 UART Interface excessive authentication]
Points: 20
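
The mitigation items in the description (rate limiting, exponential back-off, lockout, alerting) can be combined in one small state machine placed in front of the console login check. The following C code is an added example, not code from the vendor firmware or the reporter; the type and function names and the policy constants are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical policy values for this example; not from the vendor firmware. */
enum { BASE_DELAY_S = 1, MAX_DELAY_S = 64, LOCK_THRESHOLD = 8, LOCK_PERIOD_S = 900 };

typedef enum { AUTH_OK, AUTH_FAIL, AUTH_THROTTLED } auth_result;

typedef struct {
    uint32_t failures;   /* consecutive failures; should live in non-volatile storage */
    uint64_t not_before; /* monotonic seconds before which attempts are refused */
    uint32_t alerts;     /* lockouts raised; stands in for a log/alert hook */
} auth_throttle;

/* Seconds the console must keep refusing input; 0 means an attempt is allowed. */
uint64_t throttle_wait(const auth_throttle *t, uint64_t now)
{
    return now < t->not_before ? t->not_before - now : 0;
}

/* Gate one login attempt. credential_ok is the result of the real check; it is
   ignored while throttled, so a caller should test throttle_wait() first and
   skip the credential comparison entirely during the wait. */
auth_result throttle_attempt(auth_throttle *t, uint64_t now, bool credential_ok)
{
    if (throttle_wait(t, now) > 0)
        return AUTH_THROTTLED;
    if (credential_ok) {
        t->failures = 0;
        t->not_before = 0;
        return AUTH_OK;
    }
    if (t->failures < UINT32_MAX)
        t->failures++;
    if (t->failures >= LOCK_THRESHOLD) {
        t->not_before = now + LOCK_PERIOD_S; /* hard lockout */
        t->alerts++;                         /* emit the log entry / alert here */
    } else {
        /* Exponential back-off: 1, 2, 4, ... seconds, capped at MAX_DELAY_S. */
        uint64_t delay = (uint64_t)BASE_DELAY_S << (t->failures - 1);
        t->not_before = now + (delay > MAX_DELAY_S ? MAX_DELAY_S : delay);
    }
    return AUTH_FAIL;
}
```

Because the attack vector here is physical, the failure counter needs to survive a power cycle; if it is held only in RAM, a reboot clears the throttle.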
