Beetel 777VR1 Web Management Interface Allows Unauthorised Access

Summary

A security flaw in Beetel 777VR1's Web Management Interface allows hackers to access the device without needing a password, which can be done from within the same local network. This means that anyone with access to the local network can potentially exploit this issue to gain unauthorized access to your device. It's recommended to update your device's configuration settings to fix this issue, but so far the vendor has not responded to the discovery of this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
beetel	777vr1_firmware	<= 01.00.09_55	–

Original title

A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentia...

Original description

A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is advisable to modify the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.

nvd CVSS2.0 8.3

nvd CVSS3.1 9.8

nvd CVSS4.0 8.7

Vulnerability type

CWE-259

CWE-798 Use of Hard-coded Credentials

https://gist.github.com/raghav20232023/d8dcaaa76e71790f77f8d3ea714d2afc Exploit Third Party Advisory
https://gist.github.com/raghav20232023/d8dcaaa76e71790f77f8d3ea714d2afc#reproduc... Exploit Third Party Advisory
https://vuldb.com/?ctiid.346266 VDB Entry Permissions Required
https://vuldb.com/?id.346266 Third Party Advisory VDB Entry
https://vuldb.com/?submit.751314 Third Party Advisory VDB Entry Exploit