Beetel 777VR1 Router Bootloader Exposes Critical Diagnostic Commands (CWE-284)

Title: Beetel Beetel 777VR1 Broadband Router Firmware Versions: V01.00.09 / V01.00.09_55 CWE-284 — Improper Access Control Description: Excessive Bootloader Functionality Exposed in Production Firmware Affected Product: Product: Beetel 777VR1 Broadband Router Firmware Versions: V01.00.09 / V01.00.09_55 Build Date: Nov 7 2019 Hardware Platform: Realtek RTL8685S Bootloader: Realtek RTL8685S Bootloader (LZMA) Distribution: ISP-provisioned firmware Vulnerability Type: Improper Restriction of Critical Bootloader Functionality, CWE-284 — Improper Access Control, Severity: Critical Attack Vector: Physical (UART / Serial Console) Description: The Beetel 777VR1 router ships with a production bootloader that exposes a wide range of high-risk diagnostic and control commands intended for development or manufacturing use. These commands are present and fully functional in production firmware and are not restricted by secure boot policies, hardware fuses, or operational mode checks. The exposed functionality includes arbitrary physical memory read and write operations, execution control, and firmware extraction mechanisms such as Trivial File Transfer Protocol (TFTP). These capabilities allow direct interaction with system memory and non-volatile storage prior to operating system initialization.

Goal Reached Thanks to every supporter — we hit 100%!

Beetel 777VR1 Router Bootloader Exposes Critical Diagnostic Commands (CWE-284)