CVE-2026-2702 - Vulnerability Details

- Beetel 777VR1 WPA2 PSK hard-coded credentials

Description

A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown processing of the component WPA2 PSK. Performing a manipulation results in hard-coded credentials. The attacker must have access to the local network to execute the attack. The complexity of an attack is rather high. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-02-19

Score: 2.3 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw lies in the WPA2 PSK component of the Beetel 777VR1, allowing a local network adversary to trigger a manipulation that reveals hard‑coded credentials. With these credentials the attacker can authenticate as a privileged user and gain full control of the device, potentially altering configuration or intercepting traffic. The weakness is a credential management flaw that exposes default secrets.

Affected Systems

The vulnerability affects the Beetel 777VR1 device running firmware versions up to 01.00.09. No further vendor or product details are provided in the CVE entry.

Risk and Exploitability

The CVSS score of 2.3 indicates low severity, and the EPSS score is below 1 %. The vulnerability is not listed in the KEV catalog. The exploit requires local network access and is described as complex and difficult; however, the exploit code has been released publicly. If leveraged, it could provide an attacker with persistent device access and open the door to deeper network compromise.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Beetel

777VR1

affected

Version	Status	Constraints
`01.00.09`	affected	—

No data.

Vendor Product Confidence Versions

Beetel

777vr1

100%

Version	Status	Scheme	Platform
`01.00.09`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the device firmware to the latest version that addresses the hard‑coded credentials issue
Disable or change the default WPA2 PSK credentials to a strong, unique passphrase
Isolate the device from critical networks using VLANs or firewalls to limit lateral movement
Monitor network traffic for unauthorized authentication attempts to detect potential exploitation

Generated by OpenCVE AI on April 17, 2026 at 18:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00006.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://gist.github.com/raghav20232023/a79c06d2d2562238a6c9d5e6229a13fa
https://gist.github.com/raghav20232023/a79c06d2d2562238a6c9d5e6229a13fa#steps-to-reproduce
https://vuldb.com/?ctiid.346648
https://vuldb.com/?id.346648
https://vuldb.com/?submit.754354

History

Tue, 24 Feb 2026 02:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 19 Feb 2026 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beetel Beetel 777vr1
Vendors & Products		Beetel Beetel 777vr1

Thu, 19 Feb 2026 04:15:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown processing of the component WPA2 PSK. Performing a manipulation results in hard-coded credentials. The attacker must have access to the local network to execute the attack. The complexity of an attack is rather high. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Beetel 777VR1 WPA2 PSK hard-coded credentials
Weaknesses		CWE-259 CWE-798
References		https://gist.github.com/raghav20232023/a79c06d2d2562238a6c9d5e6229a13fa https://gist.github.com/raghav20232023/a79c06d2d2562238a6c9d5e6229a13fa#steps-to-reproduce https://vuldb.com/?ctiid.346648 https://vuldb.com/?id.346648 https://vuldb.com/?submit.754354
Metrics		cvssV2_0 `{'score': 1.8, 'vector': 'AV:A/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 3.1, 'vector': 'CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 3.1, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 2.3, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Beetel 777vr1

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-19T03:32:06.458Z

Updated: 2026-02-24T01:43:31.577Z

Reserved: 2026-02-18T17:56:10.604Z

Link: CVE-2026-2702

Vulnrichment

Updated: 2026-02-24T01:43:27.530Z

NVD

Status : Deferred

Published: 2026-02-19T07:17:49.237

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-2702

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T18:30:05Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object