CVE-2018-9149

Name of the Vulnerable Software and Affected Versions Zyxel Multy X (AC3000 Tri-Band WiFi System) (affected versions not specified)

Description The issue is related to the lack of protection for the UART on the Zyxel Multy X device. An attacker can exploit this by using a USB-to-UART cable to connect to the device and then use the default password 1234 for the root account to gain access to the system. Additionally, an attacker can enable the device's TELNET service as a backdoor. This could allow a remote attacker to gain root access to the device.

Recommendations For the Zyxel Multy X (AC3000 Tri-Band WiFi System), consider disabling the UART interface or changing the default root password 1234 to prevent unauthorized access. As a temporary workaround, consider disabling the TELNET service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.