| Title | Beetel Beetel 777VR1 Broadband Router Firmware Versions: V01.00.09 / V01.00.09_55 CWE-306 — Missing Authentication for Critical Function |
|---|
| Description | Title: Unauthenticated Bootloader Console Access via Serial Interrupt
Affected Product
Product: Beetel 777VR1 Broadband Router
Firmware Versions: V01.00.09 / V01.00.09_55
Hardware Platform: Realtek RTL8685S
Bootloader: Realtek RTL8685S Bootloader (LZMA)
Distribution: ISP-provisioned firmware
Vulnerability Type: Missing Authentication / Improper Access Control
CWE: CWE-306 — Missing Authentication for Critical Function
Severity: Critical
Attack Vector: Physical (UART / Serial Console)
Description:
The Beetel 777VR1 router contains a Realtek-based bootloader that exposes an interactive bootloader console over the UART serial interface. Interrupting the boot process by pressing a specific key (ESC) during early startup grants immediate access to this bootloader console.
The bootloader console does not enforce any authentication, authorization checks, or access restrictions. No password, secure boot verification, or hardware lockout mechanism is implemented to prevent unauthorized interaction.
Because this console executes prior to operating system initialization, attackers gain unrestricted pre-OS control of the device, bypassing all operating system–level security mechanisms.
Impact
An attacker with physical access can obtain full pre-OS control of the device, enabling complete compromise of system integrity and trust boundaries before the operating system loads.
This level of access invalidates all downstream security controls implemented by the firmware or operating system.
Preconditions
Physical access to the device UART interface
Ability to interrupt the boot process during startup
Device running an affected firmware version
Evidence:
Please see: https://gist.github.com/raghav20232023/96a6b13ab00c493d21362e744627ea9f
Screenshots and a Google Drive link containing video proof (a demonstration of the vulnerability on a terminal) are provided in this GitHub gist.
Video Evidence (video proof in Google Drive link): https://drive.google.com/drive/folders/1-5baWc3TuV9MYexvG2uWA7zq8LP8ZWVY?usp=sharing
Mitigation
Require authentication before granting bootloader console access
Disable interactive bootloader consoles in production firmware
Enforce secure boot and signed firmware verification
Restrict or remove boot interruption mechanisms on deployed devices
Credit
Discovered and reported by: RAGHAV AGRAWAL |
|---|
| Source | ⚠️ https://gist.github.com/raghav20232023/96a6b13ab00c493d21362e744627ea9f |
|---|
| User | raghav_2026 (UID 94388) |
|---|
| Submission | 01/15/2026 00:18 (3 months ago) |
|---|
| Moderation | 01/25/2026 10:43 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 342799 [Beetel 777VR1 up to 01.00.09/01.00.09_55 UART Interface missing authentication] |
|---|
| Points | 20 |
|---|