9.8
CVE-2026-7413
- EPSS 0.58%
- Veröffentlicht 07.05.2026 16:09:26
- Zuletzt bearbeitet 14.05.2026 17:54:50
- Quelle cve@takeonme.org
- CVE-Watchlists
- Unerledigt
LoginPersistent undocumented backdoor access in Yarbo robot
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Yarbo ≫ Lawn Mower Firmware Version2.3.9
Yarbo ≫ Lawn Mower Pro Firmware Version2.3.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.43 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cve@takeonme.org | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-912 Hidden Functionality
The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
https://github.com/Bin4ry/yarbo-nat-in-my-back-yard
https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000000111111111111111111111110000000000000000000000000000000000000000000000000000000111
https://takeonme.org/cves/cve-2026-7413/