CVE-2018-9149

Published: Apr 1, 2018Modified: Nov 21, 2024

6.8

Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system. Furthermore, an attacker can start the device's TELNET service as a backdoor.

Affected (1)

Products: Zyxel: Ac3000 Firmware

1 product

Ac3000 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Ac3000 Firmware	All versions

Running on/with	Platform Versions
Zyxel Ac3000	All versions

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://www.slideshare.net/secret/qrHwDOJ71eLg7f

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.slideshare.net/secret/qrHwDOJ71eLg7f

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.