Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the router web interface to become unresponsive and may require manual reboot to restore normal operation.
AnalysisAI
Remote unauthenticated attackers can crash the U-SPEED N300 V1.0.0 wireless router by flooding its web management interface with concurrent HTTP requests to random or non-existent endpoints, exhausting resources in the embedded Boa HTTP server until manual reboot is required. SSVC framework confirms proof-of-concept exploit code exists and the attack is fully automatable. CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates this is trivially exploitable from the internet without authentication, though impact is limited to availability disruption with no data compromise.
Technical ContextAI
This vulnerability affects the embedded Boa HTTP server implementation used in the U-SPEED N300 V1.0.0 wireless router's web management interface. The root cause is CWE-400 (Uncontrolled Resource Consumption), a classic resource exhaustion flaw where the HTTP server lacks proper request rate limiting, connection throttling, or resource allocation controls. When bombarded with concurrent requests to invalid URIs, the embedded web server exhausts available memory, file descriptors, or processing threads until it becomes unresponsive. Boa is a lightweight single-threaded HTTP server commonly used in embedded devices and IoT products due to its small footprint, but this efficiency comes at the cost of limited built-in protections against resource exhaustion attacks. The CPE data from NVD is incomplete (cpe:2.3:a:n/a:n/a), indicating potential gaps in vulnerability tracking databases for this vendor's products.
RemediationAI
No vendor-released patch has been identified in the available data - the primary vendor reference (http://u-speed.com) is a domain reference rather than a security advisory. Users should immediately check u-speed.com for firmware updates addressing CVE-2026-36958 and upgrade to any version newer than V1.0.0 if available. As a critical compensating control, restrict access to the router's web management interface to trusted internal networks only by disabling WAN-side administrative access in the router configuration (typically under Remote Management or WAN Access settings). Configure firewall rules to block external access to TCP ports 80 and 443 destined for the router's WAN IP address. If remote administration is absolutely required, implement VPN-based access rather than direct internet exposure, though this adds complexity and potential VPN-related vulnerabilities. Note that disabling WAN management may complicate remote troubleshooting for non-technical users. The GitHub reference (https://github.com/kirubel-cve/CVE-2026-36958) may contain proof-of-concept code useful for validation testing in isolated lab environments but should not be used against production systems without authorization.
Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali
Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST
Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when
Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_
Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc
Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26379