CVE-2026-7414
CVE-2026-7414
9.8
CriticalPublished:
Last updated:
Source:cve@takeonme.org
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyone who knows them.
References
cve@takeonme.org
https://github.com/Bin4ry/yarbo-nat-in-my-back-yard134c704f-9b21-4f2e-91b3-4a467353bcc0
https://github.com/Bin4ry/yarbo-nat-in-my-back-yard#3--hardcoded-developer-credentials-in-production-apk