Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.
AnalysisAI
U-SPEED AC1200 Gigabit Wi-Fi Router Model T18-21K V1.0 exposes an unauthenticated UART serial interface that grants unrestricted access to device functionality upon physical connection. An attacker with physical access to the exposed UART pins can bypass all authentication and authorization controls to gain full device compromise. EPSS exploitation probability is low (0.03%), reflecting the physical access requirement, though the impact of successful exploitation is severe (confidentiality, integrity, and availability compromise).
Technical ContextAI
The vulnerability exists in the device's UART (Universal Asynchronous Receiver-Transmitter) debug/serial interface, a common hardware debugging channel on embedded systems and IoT devices. UART interfaces operating at standard TTL or RS-232 voltage levels are often exposed on PCBs for manufacturing testing and firmware recovery. The U-SPEED T18-21K fails to implement any authentication layer on this interface, violating the principle of secure-by-default embedded device design. CWE-284 (Improper Access Control) classifies the root cause: the lack of access controls (authentication, authorization, privilege separation) on an administrative interface. Successful UART connection provides shell-level or bootloader-level access to the device's operating system, typically allowing firmware inspection, memory dumping, and command execution with root/administrative privileges.
RemediationAI
Immediate remediation requires a firmware update from U-SPEED that implements authentication and access control on the UART interface, such as requiring a valid credential or password before allowing serial console access. Users should contact U-SPEED support to obtain a patched firmware version; no specific fixed version number is currently available from the references provided. Interim compensating controls include: physically securing the device to prevent unauthorized access to internal components (e.g., mounting in a locked enclosure or tamper-evident case), restricting physical access to the device to trusted personnel only, and disabling UART output during operation if firmware settings allow (though this requires verified access to non-vulnerable configuration methods). These controls mitigate risk but do not eliminate the vulnerability for attackers who overcome physical barriers. Devices cannot be considered secure against determined attackers with physical access until a firmware patch implementing UART authentication is deployed.
More in T18 21K Firmware
View allSame weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30043
GHSA-hxf8-x6wv-3579