Skip to main content

U-SPEED AC1200 Router EUVDEUVD-2026-30043

| CVE-2026-36738 MEDIUM
Improper Access Control (CWE-284)
2026-05-13 cve@mitre.org GHSA-hxf8-x6wv-3579
6.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.8 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 14, 2026 - 15:22 vuln.today
CVSS changed
May 14, 2026 - 15:22 NVD
6.8 (MEDIUM)
CVE Published
May 13, 2026 - 16:16 nvd
MEDIUM 6.8
CVE Published
May 13, 2026 - 16:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.

AnalysisAI

U-SPEED AC1200 Gigabit Wi-Fi Router Model T18-21K V1.0 exposes an unauthenticated UART serial interface that grants unrestricted access to device functionality upon physical connection. An attacker with physical access to the exposed UART pins can bypass all authentication and authorization controls to gain full device compromise. EPSS exploitation probability is low (0.03%), reflecting the physical access requirement, though the impact of successful exploitation is severe (confidentiality, integrity, and availability compromise).

Technical ContextAI

The vulnerability exists in the device's UART (Universal Asynchronous Receiver-Transmitter) debug/serial interface, a common hardware debugging channel on embedded systems and IoT devices. UART interfaces operating at standard TTL or RS-232 voltage levels are often exposed on PCBs for manufacturing testing and firmware recovery. The U-SPEED T18-21K fails to implement any authentication layer on this interface, violating the principle of secure-by-default embedded device design. CWE-284 (Improper Access Control) classifies the root cause: the lack of access controls (authentication, authorization, privilege separation) on an administrative interface. Successful UART connection provides shell-level or bootloader-level access to the device's operating system, typically allowing firmware inspection, memory dumping, and command execution with root/administrative privileges.

RemediationAI

Immediate remediation requires a firmware update from U-SPEED that implements authentication and access control on the UART interface, such as requiring a valid credential or password before allowing serial console access. Users should contact U-SPEED support to obtain a patched firmware version; no specific fixed version number is currently available from the references provided. Interim compensating controls include: physically securing the device to prevent unauthorized access to internal components (e.g., mounting in a locked enclosure or tamper-evident case), restricting physical access to the device to trusted personnel only, and disabling UART output during operation if firmware settings allow (though this requires verified access to non-vulnerable configuration methods). These controls mitigate risk but do not eliminate the vulnerability for attackers who overcome physical barriers. Devices cannot be considered secure against determined attackers with physical access until a firmware patch implementing UART authentication is deployed.

Share

EUVD-2026-30043 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy