漏洞关键信息 Title: - Beetel Beetel 777VR1 Broadband Router Firmware Version: V01.00.09 / V01.00.09_55 CWE-307 Improper Restriction - Excessive Authentication Attempts Description: - Missing Brute-Force Protection on UART Diagnostic Authentication Mechanism Affected Product: - Product: Beetel 777VR1 Broadband Router - Firmware Version: V01.00.09 / V01.00.09_55 - Distribution: ISP-provisioned firmware Vulnerability Type: - Improper Authentication Attempt Restriction CWE: - CWE-307 - Improper Restriction of Excessive Authentication Attempts Severity: - Critical Attack Vector: - Physical (UART) Description: - The UART-based diagnostic authentication mechanism on the Beetel 777VR1 router does not implement any form of brute-force protection. The interface allows unlimited authentication attempts without rate limiting, delay, CAPTCHA, or account lockout. - An attacker with physical access can repeatedly attempt credentials without restriction, enabling credential guessing or brute-forcing.