Critical Vulnerabilities in Yarbo Robot Firmware Expose Devices to Remote Attacks
Severity: High (Score: 78.0)
Sources: takeonme.org
Summary
AHA! disclosed three critical vulnerabilities in Yarbo robot firmware v2.3.9, identified as CVE-2026-7413, CVE-2026-7414, and CVE-2026-7415. The vulnerabilities include a hidden backdoor, hardcoded credentials, and an open MQTT broker, allowing attackers to gain unauthorized access and control over affected devices. CVE-2026-7413 features a persistent backdoor providing root access, while CVE-2026-7414 contains hardcoded admin credentials shared across all devices. CVE-2026-7415 allows for device enumeration and command execution without authentication. These vulnerabilities enable mass exploitation and fleet-wide compromise of Yarbo robots. The issues were reported by Andreas Makris (Bin4ry) and are currently active, posing significant risks to users. Immediate action is required to mitigate these threats.
Key Points
- Three critical CVEs (CVE-2026-7413, CVE-2026-7414, CVE-2026-7415) affect Yarbo firmware v2.3.9.
- A persistent backdoor and hardcoded credentials allow for unauthorized remote access.
- An open MQTT broker enables device enumeration and command execution without authentication.
Key Entities
- Data Breach (attack_type)
- Malware (attack_type)
- CVE-2026-7413 (cve)
- CVE-2026-7414 (cve)
- CVE-2026-7415 (cve)
- CWE-306 - Missing Authentication for Critical Function (cwe)
- CWE-798 - Use of Hard-coded Credentials (cwe)
- T1021 - Remote Services (mitre_attack)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- T1071 - Application Layer Protocol (mitre_attack)
- T1078 - Valid Accounts (mitre_attack)
- T1543.003 - Windows Service (mitre_attack)
- SSH (tool)
- MQTT Broker (tool)
- NAT-punching Proxy (tool)