Vulnerability Description
The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. An attacker who dismantles the device and connects to it with a USB-to-UART cable can log in to the system as the root account using the password 1234. Furthermore, the attacker can start the device's TELNET service as a backdoor.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Ac3000 Firmware | - |
| Zyxel | Ac3000 | - |
Related Weaknesses (CWE)
References
- https://www.slideshare.net/secret/qrHwDOJ71eLg7f (Exploit, Third Party Advisory)
FAQ
What is CVE-2018-9149?
CVE-2018-9149 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device,...
How severe is CVE-2018-9149?
CVE-2018-9149 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-9149?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Ac3000 Firmware, Zyxel Ac3000.