CVE-2026-36958

HIGH

U-SPEED N300 V1.0.0 - DoS

Title source: llm

Description

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the router web interface to become unresponsive and may require manual reboot to restore normal operation.

Exploits (1)

github WORKING POC

by kirubel-cve · poc

https://github.com/kirubel-cve/CVE-2026-36958

View Code ZIP pw:eip

References (2)

Core 2

Core References

http://u-speed.com

https://github.com/kirubel-cve/CVE-2026-36958

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 11.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (1)

u-speed/n300_firmware 1.0.0

Published Apr 30, 2026

Tracked Since Apr 30, 2026