CVE-2026-36958

HIGH

U-SPEED N300 V1.0.0 - Denial of Service via Concurrent HTTP Requests

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-36958. PoCs published by kirubel-cve.

AI-analyzed exploit summary: The repository contains a functional Python script that demonstrates a Denial of Service (DoS) vulnerability in U-SPEED Router firmware V1.0.0 by flooding the device with concurrent HTTP requests, causing resource exhaustion.

Description

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the router's web interface to become unresponsive and may require a manual reboot to restore normal operation.

Exploits (1)

github WORKING POC
by kirubel-cve · poc
https://github.com/kirubel-cve/CVE-2026-36958


Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: U-SPEED Router V1.0.0
Authentication: No auth needed
Prerequisites: Network access to the target router
devstral-2 · analyzed Apr 30, 2026

Scores

CVSS v3: 7.5
EPSS: 0.0034
EPSS Percentile: 26.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-400
Status: published
Products (1): u-speed/n300_firmware 1.0.0
Published: Apr 30, 2026
Tracked Since: Apr 30, 2026