CVE-2026-7415
MQTT Anonymous Access in Yarbo Firmware
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: Austin Hackers Anonymous
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yarbo | firmware | 2.3.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the MQTT broker embedded in Yarbo firmware version 2.3.9. It is configured to allow anonymous connections without any topic-level read or write access control lists (ACLs). This means that any device on the same network can connect to the broker without authentication or authorization.
As a result, an attacker can subscribe to sensitive telemetry topics or publish control messages directly to the robot, potentially manipulating its behavior or accessing confidential data.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized access to sensitive telemetry data and unauthorized control over the robot. Since there is no authentication or authorization, attackers on the same network can manipulate the robot's operations, leading to potential safety risks, data breaches, or disruption of services.
The CVSS score of 9.8 indicates a critical severity with high impact on confidentiality, integrity, and availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability involves the MQTT broker in Yarbo firmware v2.3.9 allowing anonymous connections without authentication or authorization. To detect this on your network or system, you can scan for MQTT brokers that accept anonymous connections and check if sensitive telemetry topics can be subscribed to or if control messages can be published without credentials.
Common commands to detect such a vulnerability include using MQTT client tools to connect anonymously and attempt to subscribe or publish to topics. For example, using the mosquitto_sub and mosquitto_pub commands:
- mosquitto_sub -h <broker_ip> -t '#' -v
- mosquitto_pub -h <broker_ip> -t '<control_topic>' -m 'test message'
If these commands succeed without authentication, it indicates the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should disable anonymous connections on the MQTT broker embedded in Yarbo firmware v2.3.9.
Additionally, implement topic-level read and write access control lists (ACLs) to restrict which clients can subscribe or publish to sensitive telemetry and control topics.
Restrict network access to the MQTT broker so that only authorized hosts can connect, ideally by using network segmentation or firewall rules.
If possible, update the firmware to a version that addresses this security issue.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows any host on the same network to connect anonymously to the MQTT broker embedded in Yarbo firmware v2.3.9 without authentication or authorization, enabling subscription to sensitive telemetry topics and publishing control messages directly to the robot.
This lack of access control and authentication can lead to unauthorized access and manipulation of sensitive data and device control, which may violate data protection and security requirements mandated by standards such as GDPR and HIPAA.
Specifically, the exposure of sensitive telemetry data without proper access restrictions could result in breaches of confidentiality and integrity, undermining compliance with regulations that require protection of personal or sensitive information.