CVE-2026-2617 - Vulnerability Details

- Beetel 777VR1 Telnet Service/SSH Service insecure default initialization of resource

Description

A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-02-17

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability in Beetel 777VR1, affecting firmware versions up to 01.00.09, arises from an insecure default initialization of a resource within the Telnet/SSH service component. The flaw allows a local network actor to manipulate the behaviour of the service, potentially causing unauthorized actions or disruption, though the advisory does not detail specific outcomes. It is classified as CWE‑1188, indicating improper initialization during object construction.

Affected Systems

The impacted device is the Beetel 777VR1, with firmware versions up to 01.00.09. No other vendors or product variants are listed as affected in the current advisory.

Risk and Exploitability

The flaw can be exploited only from the local network; an attacker must be physically or logically connected to the same LAN segment to conduct the manipulation. The EPSS score of less than 1 % shows that real-world exploitation is unlikely, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, local attackers could use the flaw to alter Telnet or SSH service behaviour or possibly elevate access on the device.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Beetel

777VR1

affected

Version	Status	Constraints
`01.00.09`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:beetel:777vr1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:beetel:777vr1:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Beetel

777vr1

100%

Version	Status	Scheme	Platform
`01.00.09`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Beetel 777VR1 firmware to a version that addresses the insecure initialization flaw; verify the latest release on the vendor’s website.
Restrict access to the Telnet and SSH services by limiting permitted IP ranges or placing the device in a separate VLAN to minimize exposure to local attackers.
If the services are not required for daily operations, disable Telnet and optionally SSH until a secure firmware version is available.

Generated by OpenCVE AI on April 18, 2026 at 12:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00059.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://gist.github.com/raghav20232023/39e3d88d1bc2bcef89bb0f3b5fbb73e0
https://gist.github.com/raghav20232023/39e3d88d1bc2bcef89bb0f3b5fbb73e0#proofsteps-to-reproduce
https://vuldb.com/?ctiid.346267
https://vuldb.com/?id.346267
https://vuldb.com/?submit.751436
https://vuldb.com/?submit.751568

History

Thu, 19 Feb 2026 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beetel 777vr1 Firmware
CPEs		cpe:2.3:h:beetel:777vr1:-:::::::* cpe:2.3:o:beetel:777vr1_firmware::::::::
Vendors & Products		Beetel 777vr1 Firmware

Thu, 19 Feb 2026 01:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Feb 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beetel Beetel 777vr1
Vendors & Products		Beetel Beetel 777vr1

Tue, 17 Feb 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Beetel 777VR1 Telnet Service/SSH Service insecure default initialization of resource
Weaknesses		CWE-1188
References		https://gist.github.com/raghav20232023/39e3d88d1bc2bcef89bb0f3b5fbb73e0 https://gist.github.com/raghav20232023/39e3d88d1bc2bcef89bb0f3b5fbb73e0#proofsteps-to-reproduce https://vuldb.com/?ctiid.346267 https://vuldb.com/?id.346267 https://vuldb.com/?submit.751436 https://vuldb.com/?submit.751568
Metrics		cvssV2_0 `{'score': 5.8, 'vector': 'AV:A/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Beetel 777vr1 777vr1 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-17T15:32:06.089Z

Updated: 2026-02-23T10:13:48.851Z

Reserved: 2026-02-17T07:00:47.891Z

Link: CVE-2026-2617

Vulnrichment

Updated: 2026-02-17T15:45:34.848Z

NVD

Status : Analyzed

Published: 2026-02-17T16:20:29.987

Modified: 2026-02-19T19:51:08.040

Link: CVE-2026-2617

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T12:15:15Z

Weaknesses

CWE-1188

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object