Description
U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.
Published: 2026-05-13
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The U‑SPEED AC1200 Gigabit Wi‑Fi Router (Model T18‑21K) V1.0 contains an Incorrect Access Control flaw that allows an attacker with physical access to its UART pins to interact directly with the device. The UART interface lacks authentication, authorization, or other access‑control checks, giving the attacker full control of device operations. This flaw can lead to complete device compromise and unauthorized use of the router’s functions. Based strictly on the provided description, the vulnerability is a classic case of CWE‑284 incorrect access control.

Affected Systems

Devices matching the U‑SPEED AC1200 Gigabit Wi‑Fi Router (Model: T18‑21K) V1.0 are affected. No additional vendor or product information is available, and no detailed affected‑version list is provided.

Risk and Exploitability

The CVSS score is not provided, but the flaw grants unrestricted device functionality to anyone with physical access, indicating a high severity. The EPSS is not available and the vulnerability is not listed in CISA KEV. Because the UART interface does not enforce any authentication or authorization, the attack can be executed directly by plugging a serial cable into the pins, without requiring network access or remote exploits. The main prerequisite is physical proximity to the device, giving an attacker the capability to send arbitrary commands or modify firmware if desired.

Generated by OpenCVE AI on May 13, 2026 at 17:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the vendor’s firmware patch once released
  • Physically disable or lock the UART port to prevent unauthorized connection
  • Restrict physical access to the router by placing it in a secure, locked area or using tamper‑evident seals

Advisories

No advisories yet.

History

Thu, 14 May 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 6.8, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 13 May 2026 18:15:00 +0000

Type | Values Removed | Values Added
Title | | Incorrect Access Control on UART Interface of U‑SPEED AC1200 Gigabit Wi‑Fi Router
Weaknesses | | CWE-284

Wed, 13 May 2026 16:15:00 +0000

Type | Values Removed | Values Added
Description | | U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-14T13:53:38.962Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36738

Vulnrichment

Updated: 2026-05-14T13:53:08.654Z

NVD

Status: Awaiting Analysis

Published: 2026-05-13T16:16:40.707

Modified: 2026-05-13T16:27:36.223

Link: CVE-2026-36738

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T18:00:06Z

Weaknesses