CVE-2026-1409
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack on the physical device. The attack's complexity is rated as high. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-01-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1409
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
beetel 777vr1_firmware to 01.00.09_55 (inc)
beetel 777vr1 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
CWE-799 The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1409 is a vulnerability in the Beetel 777VR1 broadband router's UART-based diagnostic authentication mechanism. The issue is that this interface does not restrict excessive authentication attempts, allowing unlimited brute-force or credential guessing attacks without rate limiting, delays, CAPTCHAs, or account lockouts. An attacker with physical access to the UART interface can exploit this to gain unauthorized diagnostic shell access, regardless of password strength. [1, 3]

Impact Analysis

This vulnerability can lead to unauthorized access to the router's diagnostic shell by allowing attackers to perform unlimited brute-force attacks on administrative accounts. This compromises the confidentiality of the device and potentially the network it manages. Since exploitation requires physical access, the risk is limited to attackers who can physically interact with the device. The lack of vendor mitigation increases the risk, and the vulnerability affects widely deployed routers in residential and small-enterprise environments. [1, 2, 3]

Detection Guidance

Detection of CVE-2026-1409 requires physical access to the Beetel 777VR1 device's UART interface. Since the vulnerability involves unlimited authentication attempts on the UART-based diagnostic interface without brute-force protections, detection can involve monitoring for repeated authentication failures or unusual activity on the UART interface. However, no specific network commands or automated detection commands are provided in the resources. Physical inspection and testing of the UART interface for lack of rate limiting or account lockout mechanisms would be necessary. [1, 2, 3]

Mitigation Strategies

Immediate mitigation steps include restricting physical access to the UART interface on affected Beetel 777VR1 devices to prevent unauthorized use. Since the firmware lacks brute-force protections, it is recommended to implement authentication rate limiting, introduce exponential back-off or fixed delays after failed authentication attempts, lock accounts after repeated failures, and enable logging and alerting on repeated authentication failures. As no vendor patches or updates are available, replacing the affected device with a non-vulnerable model is also suggested. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1409. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart