top of page
perceptive_background_267k.jpg

U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local netw…

Published:

29 April 2026 at 22:00:00

Alert date:

30 April 2026 at 17:05:34

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Mobile & IoT

U-SPEED N300 router V1.0.0 contains a vulnerability that allows unlimited authentication attempts on the /api/login endpoint. The lack of rate limiting or account lockout protections enables attackers on the local network to perform brute-force attacks against the administrator account. This vulnerability could lead to unauthorized access to the router management interface. The vulnerability affects the authentication mechanism and represents a significant security weakness in network infrastructure devices.

Technical details

Mitigation steps:

Affected products:

U-SPEED N300 router

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-36959
http://u-speed.com
https://github.com/kirubel-cve/CVE-2026-36959

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page