CVE-2026-7415

Exploit

EPSS 0.54%
Veröffentlicht 07.05.2026 16:11:16
Zuletzt bearbeitet 14.05.2026 17:50:35
Quelle cve@takeonme.org
CVE-Watchlists
Login
Unerledigt
Login

Open MQTT orchestration without read/write ACLs in Yarbo robot firmware

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization of any kind.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yarbo ≫ Lawn Mower Firmware Version2.3.9

Yarbo ≫ Lawn Mower Version-

Yarbo ≫ Lawn Mower Pro Firmware Version2.3.9

Yarbo ≫ Lawn Mower Pro Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.413

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cve@takeonme.org	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://github.com/Bin4ry/yarbo-nat-in-my-back-yard

Third Party Advisory

Exploit

https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000000111111111100111111111110000000000000000000000000000000000000000000000000000001001

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-7415

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-7415

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-7415

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-7415