Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.
AnalysisAI
Undocumented persistent backdoor in Yarbo firmware v2.3.9 grants remote privileged access that survives factory reset and firmware updates. The backdoor requires high-privilege authentication (CVSS PR:H) but provides complete system control once accessed. No public exploit identified at time of analysis, though GitHub repository reference suggests technical disclosure exists. CVSS 7.2 reflects the high-privilege requirement, but persistence across resets and undocumented nature indicate significant supply chain or insider threat risk.
Technical ContextAI
This vulnerability represents CWE-912 (Hidden Functionality), a supply chain security concern involving intentionally embedded backdoor code in IoT device firmware. The affected product is Yarbo firmware version 2.3.9, identified by CPE cpe:2.3:a:yarbo:firmware:*:*:*:*:*:*:*:*. Unlike typical vulnerabilities arising from coding errors, CWE-912 involves deliberately placed functionality that bypasses normal access controls. The backdoor's persistence through factory reset indicates it resides in non-volatile storage outside user-accessible partitions, and its survival through ordinary firmware updates suggests it may be re-injected during the update process or stored in a protected boot partition. The description characterizes authentication as 'unauthenticated or weakly authenticated,' but the CVSS vector indicates PR:H (high privileges required), suggesting either hardcoded credentials known to the backdoor authors or a secondary authentication bypass mechanism.
RemediationAI
No vendor-released patch identified at time of analysis. The standard remediation approach of firmware updates is explicitly ineffective as the description states the backdoor 'survives ordinary firmware updates,' indicating re-injection or protected persistence mechanisms. Organizations running Yarbo firmware v2.3.9 should immediately implement network-level isolation: segment affected devices to dedicated VLAN with strict firewall rules blocking all inbound network access except from authorized management systems with IP whitelisting and mandatory MFA. Monitor all authentication attempts to Yarbo devices through SIEM correlation for credential abuse patterns. If devices support it, disable remote management features entirely and require physical console access, though description notes backdoor 'cannot be disabled via user-facing settings.' Contact Yarbo vendor directly for supply chain investigation and remediation guidance, referencing CVE-2026-7413 and GitHub disclosure at https://github.com/Bin4ry/yarbo-nat-in-my-back-yard. Consider hardware replacement if vendor cannot provide cryptographically signed firmware update that verifiably removes backdoor code and implements secure boot mechanisms. Network isolation carries operational impact of preventing legitimate remote management but is necessary compensating control until vendor provides verified clean firmware.
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a d
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_12
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows r
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows r
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wirele
Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 wit
Authentication bypass in Tenda router firmware (AC10, AC5, AC6, FH1201, W15E) lets any user log in as administrator via
Anonymous MQTT access in Yarbo firmware v2.3.9 allows remote unauthenticated attackers on the local network to fully con
Hardcoded administrative credentials in Yarbo firmware v2.3.9 allow remote unauthenticated attackers to gain full device
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboa
Same weakness CWE-912 – Hidden Functionality
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28398
GHSA-pq5m-hxx2-xhw5