Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-7413

Summary
Assigner-AHA
Assigner Org ID-26969f82-7e87-44d8-9cb5-f6fb926ddd43
Published At-07 May, 2026 | 16:09
Updated At-08 May, 2026 | 22:46
Rejected At-
Credits

Persistent undocumented backdoor access in Yarbo robot

A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AHA
Assigner Org ID:26969f82-7e87-44d8-9cb5-f6fb926ddd43
Published At:07 May, 2026 | 16:09
Updated At:08 May, 2026 | 22:46
Rejected At:
▼CVE Numbering Authority (CNA)
Persistent undocumented backdoor access in Yarbo robot

A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.

Affected Products
Vendor
Yarbo
Product
Firmware
Default Status
unaffected
Versions
Affected
  • From 0 through 2.3.9 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-912CWE-912 Hidden Functionality
Type: CWE
CWE ID: CWE-912
Description: CWE-912 Hidden Functionality
Metrics
VersionBase scoreBase severityVector
3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Andreas Makris (aka Bin4ry)
coordinator
todb of AHA!
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Bin4ry/yarbo-nat-in-my-back-yard
third-party-advisory
https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000000111111111111111111111110000000000000000000000000000000000000000000000000000000111
third-party-advisory
Hyperlink: https://github.com/Bin4ry/yarbo-nat-in-my-back-yard
Resource:
third-party-advisory
Hyperlink: https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000000111111111111111111111110000000000000000000000000000000000000000000000000000000111
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://takeonme.org/cves/cve-2026-7413/
exploit
Hyperlink: https://takeonme.org/cves/cve-2026-7413/
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@takeonme.org
Published At:07 May, 2026 | 17:15
Updated At:08 May, 2026 | 23:16

A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-912Secondarycve@takeonme.org
CWE ID: CWE-912
Type: Secondary
Source: cve@takeonme.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Bin4ry/yarbo-nat-in-my-back-yardcve@takeonme.org
N/A
https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000000111111111111111111111110000000000000000000000000000000000000000000000000000000111cve@takeonme.org
N/A
https://takeonme.org/cves/cve-2026-7413/134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/Bin4ry/yarbo-nat-in-my-back-yard
Source: cve@takeonme.org
Resource: N/A
Hyperlink: https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000000111111111111111111111110000000000000000000000000000000000000000000000000000000111
Source: cve@takeonme.org
Resource: N/A
Hyperlink: https://takeonme.org/cves/cve-2026-7413/
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2024-13062
Matching Score-4
Assigner-ASUSTeK Computer Incorporation
ShareView Details
Matching Score-4
Assigner-ASUSTeK Computer Incorporation
CVSS Score-7.2||HIGH
EPSS-0.21% / 43.54%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 09:09
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Refer to the ' 01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-Router
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-912
Hidden Functionality
CVE-2023-25183
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.3||HIGH
EPSS-0.06% / 17.95%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 20:04
Updated-16 Jan, 2025 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device.

Action-Not Available
Vendor-snaponeSnap One
Product-orvcovrc-300-proOvrC Cloud
CWE ID-CWE-912
Hidden Functionality
CVE-2025-11673
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.6||HIGH
EPSS-0.35% / 57.52%
||
7 Day CHG~0.00%
Published-13 Oct, 2025 | 07:35
Updated-14 Oct, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PiExtract |SOOP-CLM - Hidden Functionality

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.

Action-Not Available
Vendor-PiExtract
Product-SOOP-CLM
CWE ID-CWE-912
Hidden Functionality
CVE-2022-38452
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 17:41
Updated-26 Feb, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rbs750_firmwarerbs750Orbi Router RBR750
CWE ID-CWE-912
Hidden Functionality
CVE-2022-36429
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.50% / 66.02%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 17:41
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rbs750_firmwarerbs750Orbi Satellite RBS750rbs750_firmware
CWE ID-CWE-912
Hidden Functionality
CVE-2025-48418
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:44
Updated-12 Mar, 2026 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortimanagerfortimanager_cloudfortianalyzerfortianalyzer_cloudFortiAnalyzer CloudFortiAnalyzerFortiManager CloudFortiManager
CWE ID-CWE-912
Hidden Functionality
Details not found