Yarbo Lawn_mower
3 CVEs affecting Yarbo Lawn_mower. Latest disclosed: 2026-05-07. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-7415 | Critical | 9.8 | 2026-05-07 | The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same net… |
CVE-2026-7414 | Critical | 9.8 | 2026-05-07 | Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running… |
CVE-2026-7413 | High | 7.2 | 2026-05-07 | A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functiona… |