CVE-2026-2616

HIGH

Beetel 777VR1 <=01.00.09 - Auth Bypass

Title source: llm

Description

A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is advisable to modify the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

[Permissions Required, VDB Entry] https://vuldb.com/?id.346266

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.346266

[Permissions Required, VDB Entry] https://vuldb.com/?submit.751314

[Various Sources] https://gist.github.com/raghav20232023/d8dcaaa76e71790f77f8d3ea714d2afc

[Various Sources] https://gist.github.com/raghav20232023/d8dcaaa76e71790f77f8d3ea714d2afc#reproduction-steps

Scores

CVSS v3 8.8

EPSS 0.0032

EPSS Percentile 54.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-259 CWE-798

Status published

Products (1)

beetel/777vr1_firmware < 01.00.09_55

Published Feb 17, 2026

Tracked Since Feb 18, 2026