CVE-2026-36959 - Vulnerability Analysis
Severity: High | CVSS: 7.5 | Last Updated: April 30, 2026
U-SPEED N300 - Authentication Bypass
Published: April 30, 2026 | Updated: April 30, 2026 | PoC Available | Remote Exploitable
Overview
U-SPEED N300 router V1.0.0 contains a broken authentication flaw caused by the lack of rate limiting and account lockout on the /api/login endpoint, which lets local attackers make unlimited brute-force attempts against the admin interface.
Severity & Score
Severity: High
CVSS Score: 7.5
Impact
Local attackers can brute-force admin credentials, potentially gaining unauthorized access to router management.
Mitigation
Update to the latest firmware version with rate limiting and account lockout protections.
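The two protections named above, combined in front of a login handler, as an added example (not vendor firmware code). The class name, thresholds and the injected clock are illustrative assumptions.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Per-source rate limit plus per-account lockout for a login handler.

    Hypothetical helper: names and thresholds are illustrative assumptions,
    not values taken from the U-SPEED firmware.
    """

    def __init__(self, max_per_window=5, window=60.0, lock_after=5,
                 base_lock=30.0, max_lock=3600.0, clock=time.monotonic):
        self.max_per_window, self.window = max_per_window, window
        self.lock_after, self.base_lock, self.max_lock = lock_after, base_lock, max_lock
        self.clock = clock
        self.attempts = defaultdict(deque)   # source address -> attempt timestamps
        self.failures = defaultdict(int)     # username -> consecutive failures
        self.locked_until = {}               # username -> unlock time

    def check(self, source, username):
        """Call before verifying the password. Returns (allowed, retry_after)."""
        now = self.clock()
        until = self.locked_until.get(username, 0.0)
        if now < until:
            return False, until - now        # account lockout in force
        q = self.attempts[source]
        while q and now - q[0] >= self.window:
            q.popleft()                      # drop attempts outside the window
        if len(q) >= self.max_per_window:
            return False, self.window - (now - q[0])  # rate limited (HTTP 429)
        q.append(now)
        return True, 0.0

    def record(self, username, success):
        """Call after the password check to update lockout state."""
        if success:
            self.failures.pop(username, None)
            self.locked_until.pop(username, None)
            return
        self.failures[username] += 1
        over = self.failures[username] - self.lock_after
        if over >= 0:                        # lock doubles with each further failure
            lock = min(self.base_lock * (2 ** over), self.max_lock)
            self.locked_until[username] = self.clock() + lock
```

On a device with a fixed set of accounts, track failures only for usernames that exist so the tables cannot be grown with random names. The capped, doubling lock keeps repeated guessing slow without locking the administrator out indefinitely.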
Details
- CVE ID: CVE-2026-36959
- Severity: High
- CVSS Score: 7.5
- Type: broken_authentication
- Status: unconfirmed
CWE
- CWE-307
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N