HomeVulnerabilitiesCVE-2026-7414
Critical Risk Disclosed

CVE-2026-7414

Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyone who knows them.

Share this vulnerability:

Exploitation Probability (EPSS)

Low Priority
0.02%

The Exploit Prediction Scoring System (EPSS) uses machine learning to estimate the probability that a vulnerability will be exploited in the wild within the next 30 days.

0% (Theoretical)100% (Certainty)

7-Day Exploitation Trend

Vulnerability Timeline

2 events
May 7, 2026
Vulnerability Disclosed
Published to component-level vulnerability database.
May 14, 2026
Last Updated
Record updated with new analysis or tags.

Threat Actor Attribution

PREMIUM INTEL
Associated Groups:Lazarus Group, APT28
Ransomware Campaigns:LockBit 3.0, BlackCat
IoCs (Indicators):14 IPs, 3 Hashes

Remediation & Mitigation

SOLUTION

Official patches and mitigation steps are available for this vulnerability.

# Update Command
apt-get update && apt-get upgrade -y specific-package
# Verify installation
dpkg -l | grep package-name

Affected Products

4 Total
yarbo/lawn_mower_firmware2.3.9
yarbo/lawn_mower-
yarbo/lawn_mower_pro_firmware2.3.9
yarbo/lawn_mower_pro-

References

https://github.com/Bin4ry/yarbo-nat-in-my-back-yardGitHub
ExploitThird Party Advisory
https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000001111111111100011111111111000000000000000000000000000000000000000000000000000001000Takeonme
Third Party Advisory
https://github.com/Bin4ry/yarbo-nat-in-my-back-yard#3--hardcoded-developer-credentials-in-production-apkGitHub
ExploitThird Party Advisory

Am I Vulnerable?

Check your domain or package.json for CVE-2026-7414 exposure.

Share This Page

Help others discover this vulnerability information

Vulnerability Details

CVSS Base Score
9.8/ 10
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published Date
May 7, 2026
Last Modified
May 14, 2026
Need API Access?

Integrate this data into your SOAR platform.

View Plans →
Need Manual Validation?

Automated scanners flag false positives. Get a manual pentest validation for this CVE.