Home / Vulnerability Intelligence / CVE-2026-36958

CVE-2026-36958 - Vulnerability Analysis

HighCVSS: 7.5

Last Updated: April 30, 2026

U-SPEED N300 - Denial of Service

Published: April 30, 2026Updated: April 30, 2026PoC AvailableRemote Exploitable

Overview

U-SPEED N300 V1.0.0 contains a denial-of-service caused by resource exhaustion in the embedded Boa HTTP server via many concurrent HTTP requests to random or non-existent endpoints, letting attackers make the web interface unresponsive, exploit requires network access.

Severity & Score

Severity: High

CVSS Score: 7.5

Impact

Attackers can exhaust system resources, causing the router web interface to become unresponsive and require manual reboot.

Mitigation

Update to the latest version or apply vendor patches addressing this issue.

References

http://u-speed.com
https://github.com/kirubel-cve/CVE-2026-36958

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-36958
Severity: High
CVSS Score: 7.5
Type: denial_of_service
Status: unconfirmed

CWE

CWE-400

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H