CVE-2026-1410 - Vulnerability Details

- Beetel 777VR1 UART missing authentication

Description

A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown function of the component UART Interface. The manipulation results in missing authentication. An attack on the physical device is feasible. This attack is characterized by high complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-01-26

Score: 5.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in Beetel 777VR1 allows an attacker with physical access to interact with the UART interface without authentication. The vulnerability originates from missing authentication checks on an unknown UART function, enabling control of the device’s internal state and potentially remote commands. This weakness aligns with CWE‑287 and CWE‑306 and could lead to unauthorized device manipulation, impacting confidentiality, integrity, and availability.

Affected Systems

The issue affects Beetel's 777VR1 series, specifically firmware versions up to 01.00.09/01.00.09_55. Systems running these firmware releases are vulnerable; newer releases should be checked for fixes.

Risk and Exploitability

The CVSS base score of 5.4 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is classified as difficult to exploit and requires physical access to the UART port, which limits the attack surface. Because it is not listed in the CISA KEV catalog, there is currently no widely recognized exploitation, though the public exploit code is disclosed. The lack of an official vendor patch means that mitigations must be applied manually, and the situation remains a high operating risk for exposed devices.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Beetel

777VR1

affected

Version	Status	Constraints
`01.00.09`	affected	—
`01.00.09_55`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:beetel:777vr1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:beetel:777vr1:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Beetel	777vr1	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any available firmware update that removes the missing authentication flaw.
If an update cannot be applied, physically disconnect or block the UART port to prevent unauthorized access.
Implement additional device‑side authentication or access control for the UART interface if system configuration allows.
Continuously monitor UART traffic for abnormal activity and log any attempts to interact with the interface.

Generated by OpenCVE AI on April 18, 2026 at 02:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Physical

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00043.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://gist.github.com/raghav20232023/96a6b13ab00c493d21362e744627ea9f
https://vuldb.com/?ctiid.342799
https://vuldb.com/?id.342799
https://vuldb.com/?submit.739433

History

Fri, 30 Jan 2026 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beetel 777vr1 Firmware
CPEs		cpe:2.3:h:beetel:777vr1:-:::::::* cpe:2.3:o:beetel:777vr1_firmware::::::::
Vendors & Products		Beetel 777vr1 Firmware

Mon, 26 Jan 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 26 Jan 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beetel Beetel 777vr1
Vendors & Products		Beetel Beetel 777vr1

Mon, 26 Jan 2026 01:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown function of the component UART Interface. The manipulation results in missing authentication. An attack on the physical device is feasible. This attack is characterized by high complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Beetel 777VR1 UART missing authentication
Weaknesses		CWE-287 CWE-306
References		https://gist.github.com/raghav20232023/96a6b13ab00c493d21362e744627ea9f https://vuldb.com/?ctiid.342799 https://vuldb.com/?id.342799 https://vuldb.com/?submit.739433
Metrics		cvssV2_0 `{'score': 6.2, 'vector': 'AV:L/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.4, 'vector': 'CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.4, 'vector': 'CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Beetel 777vr1 777vr1 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-01-26T00:02:05.878Z

Updated: 2026-02-23T08:54:37.619Z

Reserved: 2026-01-25T09:43:12.180Z

Link: CVE-2026-1410

Vulnrichment

Updated: 2026-01-26T17:29:31.472Z

NVD

Status : Analyzed

Published: 2026-01-26T01:15:48.773

Modified: 2026-01-30T20:24:17.860

Link: CVE-2026-1410

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T03:00:10Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Physical

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object