CVE-2026-36738
MediumCVSS 6.8Exploitation Probability (EPSS)
Low risk22th percentile - higher than 22% of all known CVEs
Summary
The U-SPEED AC1200 Gigabit Wi-Fi Router (Model T18-21K) V1.0 has an Incorrect Access Control vulnerability. The device exposes a UART interface without authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect and gain unrestricted access to device functionality.
Risk Assessment
The organization faces the risk of an attacker with physical access gaining full control over the router. This could lead to data theft, network configuration modification, or using the device as an entry point for attacks on internal IT infrastructure.
Recommendation
Immediately secure physical access to the routers by placing them in locked server cabinets or access-controlled rooms. Consider replacing the device with a model that has built-in UART authentication mechanisms or applying additional hardware security measures.
Original NVD description (English source)
U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.

