CVE-2026-36959

Published: Apr 30, 2026

Modified: Apr 30, 2026

PUBLISHED

Description

U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthorized access to the router management interface.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://u-speed.com

https://github.com/kirubel-cve/CVE-2026-36959

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-36959

Description

Affected Products

References