CVE-2026-1408 - Vulnerability Details

- Beetel 777VR1 UART weak password

Description

A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password requirements. The physical device can be targeted for the attack. The attack requires a high level of complexity. It is stated that the exploitability is difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-01-25

Score: 1 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a weakness in the UART interface of Beetel 777VR1, which allows an attacker to exploit weak password requirements. When manipulated, the UART component accepts an insufficiently strong password, enabling unauthorized local access. This weakness is classified as CWE‑521 and can potentially allow an attacker to gain control of the device, leading to confidentiality or integrity loss, depending on what commands are accepted over the UART link.

Affected Systems

The affected system is the Beetel 777VR1 hardware device running firmware versions up through 01.00.09/01.00.09_55. The issue resides in the UART interface component of this firmware.

Risk and Exploitability

This flaw has a CVSS score of 1, indicating a very low severity, and an EPSS score of less than 1%, meaning it is unlikely to be widely exploited. The exploitation vector is physical, targeting the UART port of the device, and requires high complexity, so existing public exploits are likely difficult to deploy. Because it is not listed in the CISA KEV catalog, it is not a known, actively exploited vulnerability, but the weakness still permits unauthorized local access if the attacker gains physical access.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Beetel

777VR1

affected

Version	Status	Constraints
`01.00.09`	affected	—
`01.00.09_55`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:beetel:777vr1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:beetel:777vr1:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Beetel	777vr1	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any firmware update from Beetel that addresses the UART password weakness.
Restrict physical access to the UART port and enforce strong local authentication, such as a complex password if possible.
Monitor the device for unusual UART access attempts and isolate it from critical networks.

Generated by OpenCVE AI on April 18, 2026 at 02:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Physical

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00009.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://gist.github.com/raghav20232023/9c51cbd91f3798b1c10f3f30fb631633
https://vuldb.com/?ctiid.342797
https://vuldb.com/?id.342797
https://vuldb.com/?submit.739384

History

Fri, 30 Jan 2026 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beetel 777vr1 Firmware
CPEs		cpe:2.3:h:beetel:777vr1:-:::::::* cpe:2.3:o:beetel:777vr1_firmware::::::::
Vendors & Products		Beetel 777vr1 Firmware

Mon, 26 Jan 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 26 Jan 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beetel Beetel 777vr1
Vendors & Products		Beetel Beetel 777vr1

Sun, 25 Jan 2026 23:15:00 +0000

Type	Values Removed	Values Added
Description		A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password requirements. The physical device can be targeted for the attack. The attack requires a high level of complexity. It is stated that the exploitability is difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Beetel 777VR1 UART weak password
Weaknesses		CWE-521
References		https://gist.github.com/raghav20232023/9c51cbd91f3798b1c10f3f30fb631633 https://vuldb.com/?ctiid.342797 https://vuldb.com/?id.342797 https://vuldb.com/?submit.739384
Metrics		cvssV2_0 `{'score': 1.2, 'vector': 'AV:L/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 2, 'vector': 'CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 2, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 1, 'vector': 'CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Beetel 777vr1 777vr1 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-01-25T23:02:06.097Z

Updated: 2026-02-23T08:54:12.409Z

Reserved: 2026-01-25T09:43:06.267Z

Link: CVE-2026-1408

Vulnrichment

Updated: 2026-01-26T17:30:25.284Z

NVD

Status : Analyzed

Published: 2026-01-25T23:15:48.127

Modified: 2026-01-30T20:32:13.860

Link: CVE-2026-1408

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T03:00:10Z

Weaknesses

CWE-521

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Physical

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object