CVE-2026-2616 - Vulnerability Details

- Beetel 777VR1 Web Management hard-coded credentials

Description

A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is advisable to modify the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-02-17

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability allows an attacker who can reach the web management interface on the Beetel 777VR1 to use hard‑coded administrative credentials that are embedded in the firmware. Because the login credentials are trivial, an authenticated attacker can gain full control of the device and change configuration settings, potentially exposing the network or disabling services.

Affected Systems

Beetel 777VR1 routers with firmware versions up to 01.00.09 are impacted. No newer revisions have been confirmed to be affected.

Risk and Exploitability

The CVSS base score is 8.7, indicating high severity. EPSS is reported as less than 1 %, meaning exploitation is considered uncommon but still possible. The vulnerability is not listed in the CISA KEV catalog. Attackers must have local network access to reach the vulnerable web interface; once accessed they can log in with the hard‑coded credentials and modify settings.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Beetel

777VR1

affected

Version	Status	Constraints
`01.00.09`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:beetel:777vr1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:beetel:777vr1:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Beetel

777vr1

100%

Version	Status	Scheme	Platform
`01.00.09`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest firmware release that removes the hard‑coded credentials.
Change or disable the default administrative credentials on all Beetel 777VR1 devices.
Restrict local‑network access to the web management interface, for example by isolating management traffic or applying firewall rules.

Generated by OpenCVE AI on April 17, 2026 at 18:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00318.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://gist.github.com/raghav20232023/d8dcaaa76e71790f77f8d3ea714d2afc
https://gist.github.com/raghav20232023/d8dcaaa76e71790f77f8d3ea714d2afc#reproduction-steps
https://vuldb.com/?ctiid.346266
https://vuldb.com/?id.346266
https://vuldb.com/?submit.751314

History

Thu, 19 Feb 2026 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beetel 777vr1 Firmware
CPEs		cpe:2.3:h:beetel:777vr1:-:::::::* cpe:2.3:o:beetel:777vr1_firmware::::::::
Vendors & Products		Beetel 777vr1 Firmware

Wed, 18 Feb 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beetel Beetel 777vr1
Vendors & Products		Beetel Beetel 777vr1

Tue, 17 Feb 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 17 Feb 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is advisable to modify the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Beetel 777VR1 Web Management hard-coded credentials
Weaknesses		CWE-259 CWE-798
References		https://gist.github.com/raghav20232023/d8dcaaa76e71790f77f8d3ea714d2afc https://gist.github.com/raghav20232023/d8dcaaa76e71790f77f8d3ea714d2afc#reproduction-steps https://vuldb.com/?ctiid.346266 https://vuldb.com/?id.346266 https://vuldb.com/?submit.751314
Metrics		cvssV2_0 `{'score': 8.3, 'vector': 'AV:A/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Beetel 777vr1 777vr1 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-17T15:02:07.133Z

Updated: 2026-02-23T10:13:35.134Z

Reserved: 2026-02-17T07:00:41.421Z

Link: CVE-2026-2616

Vulnrichment

Updated: 2026-02-17T15:21:23.554Z

NVD

Status : Analyzed

Published: 2026-02-17T15:16:24.717

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-2616

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T19:00:11Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object