CVE-2026-36958

HIGH EPSS 26.3%

Published Apr 30, 20262mo ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Apr 30, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the router web interface to become unresponsive and may require manual reboot to restore normal operation.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

26.3% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-400 Uncontrolled Resource Consumption Resource Mgmt

Affected Products 2

Vendor	Product	Version	Range
u-speed	n300_firmware	1.0.0	any
u-speed	n300	*	any

References 2

u-speed.com http://u-speed.com

Broken Link
github.com https://github.com/kirubel-cve/CVE-2026-36958

ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.