Login Sign Up

CVE-2026-1409

2.0 LOW
Authentication Bypass

📋 TL;DR

This vulnerability in Beetel 777VR1 routers allows attackers to bypass authentication rate limiting via the UART interface, potentially gaining unauthorized access. It affects physical devices running firmware versions up to 01.00.09/01.00.09_55. Attackers need physical access and technical expertise to exploit this.

💻 Affected Systems

Products:
  • Beetel 777VR1
Versions: Up to 01.00.09/01.00.09_55
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects UART interface component; requires physical access to device hardware.

📦 What is this software?

777vr1 Firmware by Beetel

View all CVEs affecting 777vr1 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Physical attacker gains administrative access to router, modifies configuration, intercepts traffic, or installs persistent malware.

🟠

Likely Case

Limited impact due to required physical access and high technical complexity; potential unauthorized configuration changes if exploited.

🟢

If Mitigated

Minimal impact with proper physical security controls preventing unauthorized device access.

🌐 Internet-Facing: LOW - Exploitation requires physical access to device, not remote network access.
🏢 Internal Only: MEDIUM - Physical access within secured premises could allow exploitation by insiders or visitors.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploit requires physical device access, UART interface knowledge, and technical skill; exploit details publicly disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Consider replacing affected devices or implementing physical security controls.

🔧 Temporary Workarounds

Physical Security Hardening

all

Secure physical access to routers to prevent unauthorized UART interface manipulation

Disable/Protect UART Interface

all

Physically disable or protect UART interface pins on device hardware if possible

🧯 If You Can't Patch

  • Implement strict physical access controls to router locations
  • Monitor for unauthorized physical access attempts and configuration changes

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface or serial console; versions up to 01.00.09/01.00.09_55 are vulnerable

Check Version:

Check via router web interface or serial console connection

Verify Fix Applied:

No fix available to verify; monitor for vendor firmware updates

📡 Detection & Monitoring

Log Indicators:

  • Unexpected configuration changes
  • Multiple failed authentication attempts from physical console

Network Indicators:

  • Unusual network configuration changes
  • Unexpected administrative access patterns

SIEM Query:

Search for router configuration changes without authorized change tickets or authentication events from physical interfaces

📊 Metadata

CVE ID: CVE-2026-1409
CVSS v3 Score: 2.0 (LOW)
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-307
EPSS Score: 0.01% exploit probability (1.4th percentile)
Published: January 26, 2026
Last Updated: January 30, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-1409, you might also want to check these:

CVE-2023-1665 9.8

This vulnerability allows attackers to perform unlimited authentication attempts against Twake insta...

Same vulnerability type (CWE-307)
CVE-2020-28212 9.8

This vulnerability allows attackers to perform brute force attacks against the PLC Simulator in EcoS...

Same vulnerability type (CWE-307)
CVE-2024-9342 9.8

CVE-2024-9342 allows attackers to perform unlimited brute-force login attempts against Eclipse Glass...

Same vulnerability type (CWE-307)