Описание
The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system. Furthermore, an attacker can start the device's TELNET service as a backdoor.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
6.8 Medium
CVSS3
7.2 High
CVSS2
Дефекты
Связанные уязвимости
The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system. Furthermore, an attacker can start the device's TELNET service as a backdoor.
Уязвимость микропрограммного обеспечения маршрутизатора Zyxel Multy X AC3000, связанная с отсутствием защиты UART позволяющая нарушителю получить доступ к устройству с привилегиями root
EPSS
6.8 Medium
CVSS3
7.2 High
CVSS2