Description
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.
Published: 2026-05-07
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A hidden, persistent backdoor was discovered in Yarbo firmware version 2.3.9, granting remote, unauthenticated or weakly authenticated users privileged functionality. The backdoor is undocumented, cannot be disabled through user‑facing settings, and survives factory resets and ordinary firmware updates. This flaw enables attackers to gain high‑level control over the device without needing legitimate credentials.

Affected Systems

Yarbo firmware 2.3.9, specifically the embedded robotic platform. No other affected versions are enumerated in the available data.

Risk and Exploitability

The CVSS score is 7.2, indicating a high severity threat. The EPSS score is < 1%, indicating a very low but nonzero exploitation likelihood, but the backdoor's persistence and lack of deactivation raise significant risk. The vulnerability is not listed in CISA's KEV catalog, reducing exposure to known exploitation campaigns. Attackers likely exploit the flaw via network connections to the robot, using undocumented interfaces or hardcoded credentials, as the backdoor accepts unauthenticated requests.

Generated by OpenCVE AI on May 14, 2026 at 19:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the firmware to a version where the backdoor has been removed or patched.
  • If a patch is not available, block all external network traffic to the robot and isolate it from untrusted networks.
  • Regularly monitor logs for suspicious commands and enable robust authentication or change default credentials.

Generated by OpenCVE AI on May 14, 2026 at 19:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 14 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Yarbo lawn Mower
Yarbo lawn Mower Firmware
Yarbo lawn Mower Pro
Yarbo lawn Mower Pro Firmware
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:yarbo:lawn_mower:-:*:*:*:*:*:*:*
cpe:2.3:h:yarbo:lawn_mower_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:yarbo:lawn_mower_firmware:2.3.9:*:*:*:*:*:*:*
cpe:2.3:o:yarbo:lawn_mower_pro_firmware:2.3.9:*:*:*:*:*:*:*
Vendors & Products Yarbo lawn Mower
Yarbo lawn Mower Firmware
Yarbo lawn Mower Pro
Yarbo lawn Mower Pro Firmware

Fri, 08 May 2026 23:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 07 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Yarbo
Yarbo firmware
Vendors & Products Yarbo
Yarbo firmware

Thu, 07 May 2026 17:00:00 +0000

Type Values Removed Values Added
Description A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.
Title Persistent undocumented backdoor access in Yarbo robot
Weaknesses CWE-912
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Yarbo Firmware Lawn Mower Lawn Mower Firmware Lawn Mower Pro Lawn Mower Pro Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: AHA

Published:

Updated: 2026-05-08T22:46:29.192Z

Reserved: 2026-04-29T13:37:07.749Z

Link: CVE-2026-7413

cve-icon Vulnrichment

Updated: 2026-05-08T22:46:22.450Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-07T17:15:59.343

Modified: 2026-05-14T17:54:50.453

Link: CVE-2026-7413

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T20:00:14Z

Weaknesses