CVE-2026-7414 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: May 7, 2026
Yarbo firmware - Authentication Bypass
Published: May 7, 2026Updated: May 7, 2026Remote Exploitable
Overview
Yarbo firmware v2.3.9 contains hardcoded credentials embedded in the firmware image, letting attackers gain unauthorized access to device management interfaces, exploit requires knowledge of the hardcoded credentials.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can gain unauthorized administrative access to devices, compromising device management and security.
Mitigation
Update to the latest firmware version that removes hardcoded credentials.
References
- https://github.com/Bin4ry/yarbo-nat-in-my-back-yard
- https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000001111111111100011111111111000000000000000000000000000000000000000000000000000001000
- https://github.com/Bin4ry/yarbo-nat-in-my-back-yard#3--hardcoded-developer-credentials-in-production-apk
Related Resources
Details
- CVE ID
- CVE-2026-7414
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- hardcoded_credentials
- Status
- unconfirmed
CWE
- CWE-798
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H