CVE Catalog

CVE-2026-36738

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile - higher than 22% of all known CVEs

Summary

The U-SPEED AC1200 Gigabit Wi-Fi Router (Model T18-21K) V1.0 has an Incorrect Access Control vulnerability. The device exposes a UART interface without authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect and gain unrestricted access to device functionality.

Risk Assessment

The organization faces the risk of an attacker with physical access gaining full control over the router. This could lead to data theft, network configuration modification, or using the device as an entry point for attacks on internal IT infrastructure.

Recommendation

Immediately secure physical access to the routers by placing them in locked server cabinets or access-controlled rooms. Consider replacing the device with a model that has built-in UART authentication mechanisms or applying additional hardware security measures.

Original NVD description (English source)

U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS