cvedb.io
CVE-2018-9149
MEDIUM · CVSS 6.8
EPSS exploitation probability: 0%
Published 2018-04-01T18:29:00.287 · Last modified 2026-06-17T02:06:09.787

Summary

The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system. Furthermore, an attacker can start the device's TELNET service as a backdoor.

Affected products

zyxel — ac3000_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when zyxel ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.