CVE-2026-36958
Denial-of-Service in U-SPEED N300 V1.0.0 Router
Publication date: 2026-04-30
Last updated on: 2026-05-05
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| u-speed | n300_firmware | 1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can significantly impact the availability of the router's web management interface. By exhausting system resources through many concurrent HTTP requests, the router may become unresponsive, disrupting management and configuration tasks. This denial of service may require manual intervention, such as rebooting the device, to restore normal operation.
Can you explain this vulnerability to me?
CVE-2026-36958 is a denial-of-service vulnerability in the U-SPEED N300 V1.0.0 wireless router. An attacker can exploit this by sending a large number of concurrent HTTP requests to random or non-existent endpoints on the router's web management interface. This overwhelms the embedded Boa HTTP server, causing the router's web interface to become unresponsive and potentially requiring a manual reboot to restore normal operation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for a large number of concurrent HTTP requests to random or non-existent endpoints on the router's web management interface. An unusually high number of such requests may indicate an ongoing attack attempting to exhaust system resources.
To detect this on your system, you can use network monitoring tools or commands to observe HTTP request patterns and connection counts to the router's management interface.
- Use network packet capture tools like tcpdump or Wireshark to filter HTTP requests targeting the router's IP and look for a high volume of requests to random or non-existent URLs.
- On a Linux system, a command like `netstat -anp | grep :80` or `ss -s` can help identify the number of active HTTP connections to the router.
- Use web server logs (if accessible) to check for a spike in HTTP requests to invalid endpoints.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing connection rate limiting and restricting the maximum number of concurrent connections per source IP address to the router's web management interface.
Additionally, enabling or adding automatic recovery mechanisms that can detect and recover from resource exhaustion without requiring a manual reboot can help maintain availability.
If possible, monitor and block suspicious IP addresses generating excessive HTTP requests.
As a temporary measure, consider limiting access to the router's web interface to trusted networks or IP addresses only.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability causes a denial of service by making the router's web management interface unresponsive, impacting availability but not confidentiality or integrity.
Since the vulnerability does not affect confidentiality or integrity of data, its direct impact on compliance with standards like GDPR or HIPAAβwhich emphasize data protection and privacyβis limited.
However, the loss of availability could still affect compliance if the router is part of a critical infrastructure supporting regulated data, as availability is a component of many security frameworks.
No explicit information is provided about compliance impact in the available resources.