Description
U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.
Published: 2026-05-13
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The U‑SPEED AC1200 Gigabit Wi‑Fi Router (Model T18‑21K) V1.0 contains an Unauthorized Access Control flaw that allows an attacker with physical access to its UART pins to directly interact with the device. The UART interface lacks authentication, authorization, or other access‑control checks, giving the attacker full control of device operations. This flaw can lead to complete device compromise and unauthorized use of the router’s functions. Based strictly on the provided description, the vulnerability is a classic CWE‑284 incorrect access control.

Affected Systems

Devices matching the U‑SPEED AC1200 Gigabit Wi‑Fi Router (Model: T18‑21K) V1.0 are affected. No additional vendor or product information is available, and no detailed affected‑version list is provided.

Risk and Exploitability

The CVSS score is 6.8, indicating moderate severity. The EPSS score is < 1% and the vulnerability is not listed in CISA KEV. Because the UART interface does not enforce any authentication or authorization, the attack can be executed directly by plugging a serial cable into the pins, without requiring network access or remote exploits. The main prerequisite is physical proximity to the device, giving an attacker the capability to send arbitrary commands or modify firmware if desired.

Generated by OpenCVE AI on May 14, 2026 at 15:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the vendor’s firmware patch once released
  • Physically disable or lock the UART port to prevent unauthorized connection
  • Restrict physical access to the router by placing it in a secure, locked area or using tamper‑evident seals

Generated by OpenCVE AI on May 14, 2026 at 15:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 17 May 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared U-speed
U-speed ac1200 Gigabit Wi-fi Router
Vendors & Products U-speed
U-speed ac1200 Gigabit Wi-fi Router

Thu, 14 May 2026 16:15:00 +0000

Type Values Removed Values Added
Title Incorrect Access Control on UART Interface of U‑SPEED AC1200 Gigabit Wi‑Fi Router

Thu, 14 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title Incorrect Access Control on UART Interface of U‑SPEED AC1200 Gigabit Wi‑Fi Router
Weaknesses CWE-284

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.
References

Subscriptions

U-speed Ac1200 Gigabit Wi-fi Router
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-14T13:53:38.962Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36738

cve-icon Vulnrichment

Updated: 2026-05-14T13:53:08.654Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:16:40.707

Modified: 2026-05-14T15:16:45.500

Link: CVE-2026-36738

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-17T19:42:09Z

Weaknesses