Beetel 777VR1: Unsecured SSH Service Exposes Data

Summary

A security flaw in the SSH service of Beetel 777VR1 routers up to version 01.00.09 allows hackers to use weak encryption, which can put your data at risk. This is a concern because hackers can potentially exploit it remotely. We recommend that you contact Beetel support to see if they have released a patch or update to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
beetel	777vr1_firmware	<= 01.00.09_55	–

Original title

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is ...

Original description

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

nvd CVSS2.0 2.6

nvd CVSS3.1 7.4

nvd CVSS4.0 6.3

Vulnerability type

CWE-310

CWE-327 Use of a Broken Cryptographic Algorithm

https://gist.github.com/raghav20232023/8e8e559f80e2d596cb6154747f69a081 Exploit Third Party Advisory Mitigation
https://gist.github.com/raghav20232023/8e8e559f80e2d596cb6154747f69a081#proof--s... Exploit Third Party Advisory
https://vuldb.com/?ctiid.346268 VDB Entry Permissions Required
https://vuldb.com/?id.346268 Third Party Advisory VDB Entry
https://vuldb.com/?submit.751633 Third Party Advisory VDB Entry Exploit