CVE Catalog

CVE-2026-7414

Critical
Published: Translated: NVD NIST

Summary

Yarbo firmware v2.3.9 contains hardcoded administrative credentials. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users.

Risk Assessment

The presence of hardcoded credentials poses a serious risk of unauthorized access to device management interfaces, potentially leading to device takeover.

Recommendation

It is recommended to update the firmware to the latest version that removes hardcoded credentials and to implement additional security measures.

Original NVD description (English source)

Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyone who knows them.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS