{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1408", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-25T09:43:06.267Z", "datePublished": "2026-01-25T23:02:06.097Z", "dateUpdated": "2026-02-23T08:54:12.409Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:54:12.409Z"}, "title": "Beetel 777VR1 UART weak password", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-521", "lang": "en", "description": "Weak Password Requirements"}]}], "affected": [{"vendor": "Beetel", "product": "777VR1", "versions": [{"version": "01.00.09", "status": "affected"}, {"version": "01.00.09_55", "status": "affected"}], "modules": ["UART Interface"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password requirements. The physical device can be targeted for the attack. The attack requires a high level of complexity. It is stated that the exploitability is difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 1, "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2, "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2, "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.2, "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-01-25T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-25T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-31T07:44:08.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "raghav_2026 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.342797", "name": "VDB-342797 | Beetel 777VR1 UART weak password", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.342797", "name": "VDB-342797 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.739384", "name": "Submit #739384 | Beetel Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 CWE-521 \u2014 Weak Password Requirements", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/raghav20232023/9c51cbd91f3798b1c10f3f30fb631633", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-26T17:30:22.294742Z", "id": "CVE-2026-1408", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-26T17:30:28.524Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1408", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-26T17:30:22.294742Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-26T17:30:25.284Z"}}], "cna": {"title": "Beetel 777VR1 UART weak password", "credits": [{"lang": "en", "type": "reporter", "value": "raghav_2026 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 1, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.2, "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Beetel", "modules": ["UART Interface"], "product": "777VR1", "versions": [{"status": "affected", "version": "01.00.09"}, {"status": "affected", "version": "01.00.09_55"}]}], "timeline": [{"lang": "en", "time": "2026-01-25T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-25T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-01-31T07:44:08.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.342797", "name": "VDB-342797 | Beetel 777VR1 UART weak password", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.342797", "name": "VDB-342797 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.739384", "name": "Submit #739384 | Beetel Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 CWE-521 \u2014 Weak Password Requirements", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/raghav20232023/9c51cbd91f3798b1c10f3f30fb631633", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password requirements. The physical device can be targeted for the attack. The attack requires a high level of complexity. It is stated that the exploitability is difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-521", "description": "Weak Password Requirements"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:54:12.409Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1408", "state": "PUBLISHED", "dateUpdated": "2026-02-23T08:54:12.409Z", "dateReserved": "2026-01-25T09:43:06.267Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-25T23:02:06.097Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:beetel:777vr1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDB59B43-847F-4251-9CDC-96992B3D0C0C", "versionEndIncluding": "01.00.09_55", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:beetel:777vr1:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF58180F-9493-4B69-8C29-F2FF33C73BAB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password requirements. The physical device can be targeted for the attack. The attack requires a high level of complexity. It is stated that the exploitability is difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha identificado una debilidad en Beetel 777VR1 hasta la versi\u00f3n 01.00.09/01.00.09_55. Esta vulnerabilidad afecta a c\u00f3digo desconocido del componente Interfaz UART. La ejecuci\u00f3n de una manipulaci\u00f3n puede llevar a requisitos de contrase\u00f1a d\u00e9biles. El dispositivo f\u00edsico puede ser el objetivo del ataque. El ataque requiere un alto nivel de complejidad. Se afirma que la explotabilidad es dif\u00edcil. El exploit se ha puesto a disposici\u00f3n del p\u00fablico y podr\u00eda ser utilizado para ataques. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2026-1408", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 0.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-25T23:15:48.127", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://gist.github.com/raghav20232023/9c51cbd91f3798b1c10f3f30fb631633"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.342797"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.342797"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.739384"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-521"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T02:48:54.823911+00:00", "value": {"mitigation_remediation": ["Apply any firmware update from Beetel that addresses the UART password weakness.", "Restrict physical access to the UART port and enforce strong local authentication, such as a complex password if possible.", "Monitor the device for unusual UART access attempts and isolate it from critical networks."], "summary": {"action": "Apply patch", "impact": "Weak password could allow unauthorized access to the device"}, "threat_synthesis": {"affected_systems": "The affected system is the Beetel\u202f777VR1 hardware device running firmware versions up through 01.00.09/01.00.09_55. The issue resides in the UART interface component of this firmware.", "description_and_impact": "The vulnerability is a weakness in the UART interface of Beetel\u202f777VR1, which allows an attacker to exploit weak password requirements. When manipulated, the UART component accepts an insufficiently strong password, enabling unauthorized local access. This weakness is classified as CWE\u2011521 and can potentially allow an attacker to gain control of the device, leading to confidentiality or integrity loss, depending on what commands are accepted over the UART link.", "risk_and_exploitability": "This flaw has a CVSS score of 1, indicating a very low severity, and an EPSS score of less than 1%, meaning it is unlikely to be widely exploited. The exploitation vector is physical, targeting the UART port of the device, and requires high complexity, so existing public exploits are likely difficult to deploy. Because it is not listed in the CISA KEV catalog, it is not a known, actively exploited vulnerability, but the weakness still permits unauthorized local access if the attacker gains physical access."}}}}, "created": "2026-01-26T11:48:10.529053+00:00", "updated": "2026-04-18T03:00:10.324802+00:00", "vendors": ["beetel", "beetel$PRODUCT$777vr1"]}