CVE-2018-9149
MEDIUM
Zyxel Multy X AC3000 Firmware - Use of Hard-coded Credentials via UART Access
Title source: llm
Description
The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect to the device, he can use the 1234 password for the root account to log in to the system. Furthermore, an attacker can start the device's TELNET service as a backdoor.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.slideshare.net/secret/qrHwDOJ71eLg7f
Scores
CVSS v3: 6.8
EPSS: 0.0012
EPSS Percentile: 31.1%
Attack Vector: PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-798
Status: published
Products (1): zyxel/ac3000_firmware
Published: Apr 01, 2018
Tracked Since: Feb 18, 2026