CVE-2026-7414

Exploit

EPSS 0.53%
Veröffentlicht 07.05.2026 16:10:02
Zuletzt bearbeitet 14.05.2026 17:53:31
Quelle cve@takeonme.org
CVE-Watchlists
Login
Unerledigt
Login

Hardcoded credentials in Yarbo robot firmware

Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyone who knows them.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yarbo ≫ Lawn Mower Firmware Version2.3.9

Yarbo ≫ Lawn Mower Version-

Yarbo ≫ Lawn Mower Pro Firmware Version2.3.9

Yarbo ≫ Lawn Mower Pro Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.406

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cve@takeonme.org	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://github.com/Bin4ry/yarbo-nat-in-my-back-yard

Third Party Advisory

Exploit

https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000001111111111100011111111111000000000000000000000000000000000000000000000000000001000

Third Party Advisory

https://github.com/Bin4ry/yarbo-nat-in-my-back-yard#3--hardcoded-developer-credentials-in-production-apk

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-7414

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-7414

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-7414

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-7414