CVE-2018-18754
CRITICALZyXEL VMG3312-B10B 1.00(AAPP.7) - Insufficiently Protected Credentials
Title source: llmDescription
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://gist.github.com/numanturle/c99d3306e9e4e17bb2164dde363406bc
Scores
CVSS v3
9.8
EPSS
0.0029
EPSS Percentile
52.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (1)
zyxel/vmg3312-b10b_firmware
1.00\(aapp.7\)
Published
Oct 29, 2018
Tracked Since
Feb 18, 2026