Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-7414: Yarbo Firmware v2.3.9: Hardcoded Admin Credentials
CVE-2026-7414
Summary
A security flaw in Yarbo firmware v2.3.9 allows anyone with the correct credentials to access device management interfaces. This is a concern because the credentials are the same for all devices and can't be changed by users. To protect your devices, update to a newer version of the firmware that doesn't have this issue.
Original title
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or...
Original description
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyone who knows them.
nvd CVSS3.1
9.8
Vulnerability type
CWE-798
Use of Hard-coded Credentials
Published: 7 May 2026 · Updated: 23 May 2026 · First seen: 7 May 2026