Which versions of Beetel 777VR1 are affected by CVE-2026-2616?

Beetel 777VR1 routers (firmware ≤01.00.09) contain hard-coded administrative credentials accessible from the adjacent network, enabling complete device compromise without authentication.

Is there a public PoC exploit available for CVE-2026-2616?

Yes, a public proof-of-concept exploit is available for CVE-2026-2616. Prioritise patching immediately. EPSS: 0.2%.

Beetel 777VR1 CVE-2026-2616

Q: What is the CVSS score of CVE-2026-2616?

CVE-2026-2616 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

HIGH

Use of Hard-coded Password (CWE-259)

2026-02-17 cna@vuldb.com

Authentication Bypass

7.4

CVSS 4.0

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 29, 2026 - 01:38 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 29, 2026 - 01:11 vuln.today

cvss_changed

CVSS changed

Apr 29, 2026 - 01:11 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 19, 2026 - 19:56 vuln.today

Public exploit code

CVE Published

Feb 17, 2026 - 15:16 nvd

HIGH 8.8

DescriptionNVD

A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is advisable to modify the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Hard-coded credentials in the Beetel 777VR1 router's web management interface allow adjacent network attackers to gain full administrative access without authentication. Affecting firmware versions up to and including 01.00.09, this vulnerability enables complete device compromise through documented default credentials that cannot be changed through normal configuration. …

RemediationAI

Within 24 hours: inventory all Beetel 777VR1 devices in your network and document firmware versions. Within 7 days: isolate affected routers to trusted management networks only, restrict administrative interface access via network segmentation or firewall rules, and document business justification for any retained devices. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-2616 vulnerability details – vuln.today

Back

Beetel 777VR1 CVE-2026-2616

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Beetel 777VR1 CVE-2026-2616

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code