CVE-2026-36959

Name of the Vulnerable Software and Affected Versions U-SPEED N300 router version 1.0.0

Description The device fails to implement rate limiting or account lockout protections on the '/api/login' endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthorized access to the router management interface.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.