CVE-2026-7414
CriticalSummary
Yarbo firmware v2.3.9 contains hardcoded administrative credentials. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users.
Risk Assessment
The presence of hardcoded credentials poses a serious risk of unauthorized access to device management interfaces, potentially leading to device takeover.
Recommendation
It is recommended to update the firmware to the latest version that removes hardcoded credentials and to implement additional security measures.
Original NVD description (English source)
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyone who knows them.

