Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.11 views

CVE-2026-7415

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

9.8CVSS5.5AI score0.00544EPSS
Exploits1References1
NVD
NVD
added 2026/05/07 5:15 p.m.30 views

CVE-2026-7415

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

9.8CVSS0.00544EPSS
Exploits1References2
CVE
CVE
added 2026/05/07 4:11 p.m.30 views

CVE-2026-7415

The CVE-2026-7415 vulnerability affects the MQTT broker embedded in Yarbo firmware v2.3.9. The broker is configured to allow anonymous connections with no topic-level read/write ACLs, enabling any host on the same network to subscribe to sensitive telemetry topics or publish control messages dire...

9.8CVSS5.8AI score0.00544EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 4:11 p.m.8 views

CVE-2026-7415 Open MQTT orchestration without read/write ACLs in Yarbo robot firmware

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

9.8CVSS5.8AI score0.00544EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/07 4:11 p.m.58 views

CVE-2026-7415 Open MQTT orchestration without read/write ACLs in Yarbo robot firmware

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

9.8CVSS0.00544EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 4:11 p.m.9 views

CVE-2026-7415

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

9.8CVSS5.8AI score0.00544EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Yarbo 访问控制错误漏洞

Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains an access control vulnerability. This vulnerability stems from the MQTT proxy configuration, which allows anonymous connections without topic-level read/write ACLs. ...

9.8CVSS5.8AI score0.00544EPSS
Exploits1References1
Rows per page
Query Builder