Executive Summary

CVE-2026-2618 is a vulnerability in the Beetel 777VR1 Broadband Router firmware versions up to 01.00.09, specifically affecting its SSH Service component.

The vulnerability arises from the use of an obsolete SSH protocol implementation (SSH_0.48) dating back to around 2006, which supports deprecated and cryptographically broken algorithms.

• Key exchange algorithm: diffie-hellman-group1-sha1 (768-bit MODP group), which is broken and vulnerable.
• Host key algorithm: ssh-rsa with SHA-1, which is weak and deprecated.
• Symmetric cipher: 3des-cbc, which uses a 64-bit block size and is vulnerable to Sweet32 attacks.

These outdated cryptographic algorithms lead to a lack of confidentiality, integrity, and resistance to attacks in SSH sessions with the router.

Attackers can intercept credentials, perform man-in-the-middle attacks, decrypt SSH traffic offline, and manipulate cryptographic negotiations, increasing the risk of full device compromise.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have several serious impacts on users of the affected Beetel 777VR1 router.

• Disclosure of SSH authentication credentials to attackers.
• Man-in-the-middle (MITM) attacks against management sessions, allowing attackers to intercept and manipulate communications.
• Decryption of SSH traffic offline, compromising confidentiality.
• Loss of confidentiality and integrity of SSH sessions.
• Increased likelihood of full administrative compromise of the device.

The attack can be carried out remotely over the network (LAN or WAN), and although exploitability is difficult, a public exploit exists, increasing the risk.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by identifying the use of obsolete and broken SSH protocols and algorithms on the Beetel 777VR1 device, specifically the SSH daemon identifying as SSH_0.48.

Detection involves checking the SSH service version and the cryptographic algorithms in use, such as diffie-hellman-group1-sha1 for key exchange, ssh-rsa with SHA-1 for host key algorithm, and 3des-cbc for symmetric cipher.

Commands to detect this may include using SSH client verbose mode or scanning tools to enumerate SSH algorithms, for example:

• ssh -vvv user@target_ip (to observe SSH version and algorithms during handshake)
• nmap --script ssh2-enum-algos -p 22 target_ip (to enumerate supported SSH algorithms)
• ssh-audit target_ip (a tool to audit SSH server cryptographic algorithms)

These commands help identify if the server supports deprecated algorithms like diffie-hellman-group1-sha1, ssh-rsa with SHA-1, or 3des-cbc, indicating the presence of the vulnerability.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include removing the obsolete SSH implementation on the Beetel 777VR1 device and upgrading to a modern, maintained SSH server.

Deprecated cryptographic algorithms such as diffie-hellman-group1-sha1, ssh-rsa with SHA-1, and 3des-cbc should be disabled.

Enforce modern cryptographic standards including strong key exchange methods like ECDH or Curve25519, strong ciphers such as AES-GCM or ChaCha20-Poly1305, and modern host keys like ED25519 or RSA-SHA2.

Additionally, secure credential policies and key-based authentication should be implemented to reduce the risk of compromise.

Since the vendor has not provided a patch or response, consider restricting SSH access to trusted networks or disabling SSH if possible until a secure upgrade is available.

Useful 0 Not Useful 0