Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.8 views

CVE-2026-36959

U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthoriz...

7.5CVSS5.5AI score0.00368EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.8 views

CVE-2026-36960

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

8.8CVSS5.5AI score0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 6:30 p.m.13 views

EUVD-2026-30044

U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Command Injection. The Network Time Protocol NTP configuration interface does not properly sanitize user-supplied input. An authenticated user with permission to configure NTP settings can inject arbitrary system commands...

6AI score0.0209EPSS
Exploits1References3
NVD
NVD
added 2026/05/13 4:16 p.m.10 views

CVE-2026-36741

U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Command Injection. The Network Time Protocol NTP configuration interface does not properly sanitize user-supplied input. An authenticated user with permission to configure NTP settings can inject arbitrary system commands...

7.2CVSS0.0209EPSS
Exploits1References2
NVD
NVD
added 2026/05/13 4:16 p.m.13 views

CVE-2026-36738

U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain...

6.8CVSS0.00299EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.9 views

CVE-2026-36738

U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain...

5.8AI score0.00299EPSS
Exploits1References2
NVD
NVD
added 2026/04/30 3:16 p.m.11 views

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

7.5CVSS0.00344EPSS
Exploits2References2
CVE
CVE
added 2026/04/30 12:0 a.m.8 views

CVE-2026-36960

CVE-2026-36960 describes a CSRF flaw in the web management interface of the U-SPEED N300 Router V1.0.0. The device lacks anti-CSRF tokens and strict Origin/Referer checks for administrative endpoints, enabling a crafted page to trigger forged requests when an authenticated administrator visits it...

8.8CVSS5.4AI score0.00183EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.38 views

CVE-2026-36960

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

0.00183EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 12:0 a.m.6 views

EUVD-2026-26386

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

8.8CVSS5.4AI score0.00183EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.6 views

CVE-2026-36959

U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthoriz...

7.5CVSS5.2AI score0.00368EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36960

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

5.4AI score0.00183EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.8 views

U-SPEED N300 资源管理错误漏洞

The U-SPEED N300 is a wireless router device produced by the U-SPEED company. The U-SPEED N300 V1.0.0 version has a resource management vulnerability. This vulnerability stems from a denial-of-service attack on the embedded Boa HTTP server. It is possible for attackers to exhaust system resources...

7.5CVSS5.8AI score0.00344EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/04/29 8:33 p.m.71 views

Exploit for CVE-2026-36958

CVE-2026-36958: Denial of Service via Concurrent HTTP Requests...

5.5AI score0.00344EPSS
Exploits2
Rows per page
Query Builder