CVE-2026-1410

A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown function of the component UART Interface. The manipulation results in missing authentication. An attack on the physical device is feasible. This attack is characterized by high complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 6.4 MEDIUM
CVSS v2.0 6.2 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.2^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 1.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://gist.github.com/raghav20232023/96a6b13ab00c493d21362e744627ea9f	Exploit Mitigation Third Party Advisory
https://vuldb.com/?ctiid.342799	Permissions Required VDB Entry
https://vuldb.com/?id.342799	Third Party Advisory VDB Entry
https://vuldb.com/?submit.739433	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:beetel:777vr1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:beetel:777vr1:-:*:*:*:*:*:*:*

History

29 Apr 2026, 01:00

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad fue detectada en Beetel 777VR1 hasta 01.00.09/01.00.09_55. Afectada es una función desconocida del componente Interfaz UART. La manipulación resulta en falta de autenticación. Un ataque en el dispositivo físico es factible. Este ataque se caracteriza por alta complejidad. La explotabilidad se considera difícil. El exploit es ahora público y puede ser usado. El proveedor fue contactado tempranamente sobre esta divulgación pero no respondió de ninguna manera.

30 Jan 2026, 20:24

Type	Values Removed	Values Added
References	~~() https://gist.github.com/raghav20232023/96a6b13ab00c493d21362e744627ea9f -~~	() https://gist.github.com/raghav20232023/96a6b13ab00c493d21362e744627ea9f - Exploit, Mitigation, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.342799 -~~	() https://vuldb.com/?ctiid.342799 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.342799 -~~	() https://vuldb.com/?id.342799 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.739433 -~~	() https://vuldb.com/?submit.739433 - Third Party Advisory, VDB Entry
CPE		cpe:2.3:h:beetel:777vr1:-:::::::* cpe:2.3:o:beetel:777vr1_firmware::::::::
First Time		Beetel 777vr1 Beetel Beetel 777vr1 Firmware

26 Jan 2026, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-26 01:15

Updated : 2026-04-29 01:00

NVD link : CVE-2026-1410

Mitre link : CVE-2026-1410

CVE.ORG link : CVE-2026-1410

JSON object : View

Products Affected

beetel

777vr1_firmware
777vr1

CWE

CWE-287

Improper Authentication

CWE-306

Missing Authentication for Critical Function

6.4 /10