CVE-2018-18754

Name: CVE-2018-18754
Creator: NVD / NIST
Published: 2018-10-29T12:29:09.96+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.08%

Last modified Jun 17, 2026

CVE-2018-18754 is a vulnerability of currently unknown severity. ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.. EPSS estimates a 1.08% chance of exploitation in the next 30 days.

Description

ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.

Metrics

EPSS Probability

1.08%

60.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-522

Affected Software

Vendor	Product	Versions
Zyxel	Vmg3312-B10b Firmware	1.00\(aapp.7\)

References

https://gist.github.com/numanturle/c99d3306e9e4e17bb2164dde363406bcThird Party Advisory
https://gist.github.com/numanturle/c99d3306e9e4e17bb2164dde363406bcThird Party Advisory

Timeline

Published: Oct 29, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-18754?

ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.

How severe is CVE-2018-18754?

Severity scoring for CVE-2018-18754 is pending analysis. The EPSS model estimates a 1.08% probability of exploitation in the next 30 days.

How do I fix CVE-2018-18754?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-18754?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST