CVE-2018-9149 in Multy X AC3000info

Summary

The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system. Furthermore, an attacker can start the device's TELNET service as a backdoor.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

03/30/2018

Disclosure

04/01/2018

Moderation

VulDB entry created

Entries

VDB-115506 (1)

CPE

ready

CWE

CWE-798 (Confirmed)

CVSS

7.1

EPSS

0.00124

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-9149
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-9149
CVE Details	https://www.cvedetails.com/cve/CVE-2018-9149/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!