CVE-2018-18754
CRITICALZyxel Vmg3312-b10b Firmware - Insufficiently Protected Credentials
Title source: ruleDescription
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.
Scores
CVSS v3
9.8
EPSS
0.0031
EPSS Percentile
53.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-522
Status
published
Affected Products (1)
zyxel/vmg3312-b10b_firmware
Timeline
Published
Oct 29, 2018
Tracked Since
Feb 18, 2026