CVE-2026-2616
Received Received - Intake
Hardcoded Credentials in Beetel 777VR1 Web Management Interface

Publication date: 2026-02-17

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is advisable to modify the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-17
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-17
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2616
EUVD
EUVD-2026-7661
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
beetel 777vr1_firmware to 01.00.09_55 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-259 The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-2616 is a critical vulnerability in the Beetel 777VR1 broadband router\'s Web Management Interface, present in firmware versions up to 01.00.09. The issue arises from hard-coded default credentials (username: "admin", password: "password") embedded in the software that are publicly known and remain valid without enforcing a mandatory password change on first login.'}, {'type': 'paragraph', 'content': 'This vulnerability allows an attacker with local network access to bypass authentication easily, as the interface lacks any rate limiting, account lockout, authentication delay, or throttling mechanisms. This makes it susceptible to brute-force and credential-stuffing attacks, enabling unauthorized full administrative access to the router.'}, {'type': 'paragraph', 'content': 'The vulnerability is classified under CWE-798 (Use of Hard-coded Credentials), CWE-521 (Weak Password Requirements), CWE-307 (Improper Restriction of Excessive Authentication Attempts), and OWASP A2 (Broken Authentication). A public proof-of-concept exploit is available.'}] [1, 2, 3]

Impact Analysis

Exploitation of this vulnerability allows an attacker on the local network to gain full administrative control over the Beetel 777VR1 router without needing any prior credentials.

  • Modify critical network configurations such as LAN/WAN settings, DHCP, DNS, and routing.
  • Enable or disable remote access protocols.
  • Use the compromised router as a pivot point for lateral movement or further network attacks.

This compromises the confidentiality, integrity, and availability of the device and the networks it services, potentially leading to broader network security breaches.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to access the Beetel 777VR1 web management interface, typically via HTTPS at the router\'s local IP address (e.g., https://192.168.1.1). Checking for the presence of hardcoded default credentials (username: "admin", password: "password") is a key indicator.'}, {'type': 'paragraph', 'content': 'Since the interface does not enforce rate limiting or account lockout, you can test for vulnerability by performing multiple login attempts using these default credentials or brute-force attempts without being blocked.'}, {'type': 'paragraph', 'content': "Suggested commands or methods include using automated scripts or tools to send repeated login requests to the router's web management interface and observe the responses. For example, using curl or JavaScript fetch API to send POST requests to the login endpoint and checking for HTTP 200 OK responses with identical error messages indicates no throttling or blocking."}, {'type': 'list_item', 'content': "Use curl to test login attempts: curl -k -X POST https://192.168.1.1/login -d 'username=admin&password=password'"}, {'type': 'list_item', 'content': 'Automate multiple login attempts with a script to verify absence of rate limiting or account lockout.'}, {'type': 'list_item', 'content': "Monitor network traffic for repeated authentication attempts to the router's management interface."}] [2, 3]

Mitigation Strategies

[{'type': 'paragraph', 'content': "Immediate mitigation steps include modifying the router's configuration settings to remove or change the hardcoded default credentials."}, {'type': 'paragraph', 'content': 'Specifically, you should:'}, {'type': 'list_item', 'content': 'Change the default username and password from the known hardcoded values (admin/password) to strong, unique credentials.'}, {'type': 'list_item', 'content': 'Restrict access to the web management interface to trusted networks only, ideally limiting it to LAN access and disabling WAN exposure.'}, {'type': 'list_item', 'content': 'If possible, implement or enable any available rate limiting, account lockout, or authentication delay mechanisms to prevent brute-force attacks.'}, {'type': 'list_item', 'content': 'Monitor the device for unauthorized access attempts and consider isolating the device on the network until it is secured.'}, {'type': 'paragraph', 'content': 'Since the vendor has not provided a firmware update or patch, these configuration changes are critical to reduce the risk of exploitation.'}] [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2616. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart