CVE-2026-36958 — HIGH (7.5)

Vulnerability Description

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the router web interface to become unresponsive and may require manual reboot to restore normal operation.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
U-Speed	N300 Firmware	1.0.0
U-Speed	N300	-

Related Weaknesses (CWE)

CWE-400

References

http://u-speed.comBroken Link
https://github.com/kirubel-cve/CVE-2026-36958ExploitThird Party Advisory

FAQ

What is CVE-2026-36958?

CVE-2026-36958 is a vulnerability with a CVSS score of 7.5 (HIGH). A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management int...

How severe is CVE-2026-36958?

CVE-2026-36958 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-36958?

Check the references section above for vendor advisories and patch information. Affected products include: U-Speed N300 Firmware, U-Speed N300.