CVE-2026-36960 - Vulnerability Details

- Cross‑Site Request Forgery in U‑SPEED N300 Router Web Management Interface

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft a malicious webpage that sends forged HTTP requests to configuration endpoints. If an authenticated administrator visits the malicious webpage, the victim's browser automatically includes the valid session cookie in the request, allowing the router to process the request as a legitimate administrative action.

Published: 2026-04-30

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability permits a Cross‑Site Request Forgery against the U‑SPEED N300 Router’s web management interface. The device does not use anti‑CSRF tokens or strict Origin/Referer validation for its administrative API endpoints, letting a malicious webpage forge HTTP requests. If an authenticated administrator visits such a page, the browser includes the valid session cookie and the router executes the request as a legitimate administrative action, potentially altering configuration without the administrator’s intent. This can lead to loss of network control or service disruption.

Affected Systems

The affected product is the U‑SPEED N300 Router running firmware version V1.0.0. No other vendors or versions are reported in the data.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, while the EPSS score is not available and the vulnerability is not listed in KEV. An attacker must lure a legitimate administrator into visiting a malicious web page to trigger the forged request, as the router accepts any authenticated session cookie without CSRF protection. Once the admin is deceived, the attacker can alter configuration, potentially compromising network control or service availability, with minimal effort beyond social engineering.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

U-speed

N300 Router

80%

Version	Status	Scheme	Platform
`1.0.0`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest U‑SPEED update that includes CSRF protection mechanisms for administrative endpoints.
Deploy anti‑CSRF tokens or strict Origin/Referer validation on all administrative API routes.
Restrict the router’s management interface to the local network or a secure VPN so that external access is prevented.
Enforce strong, unique administrator credentials and change any default passwords.

Generated by OpenCVE AI on May 2, 2026 at 00:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0002.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
http://u-speed.com
https://github.com/kirubel-cve/CVE-2026-36960

History

Sat, 02 May 2026 01:00:00 +0000

Type	Values Removed	Values Added
Title		Cross‑Site Request Forgery in U‑SPEED N300 Router Web Management Interface

Fri, 01 May 2026 08:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		U-speed U-speed n300 Router
Vendors & Products		U-speed U-speed n300 Router

Thu, 30 Apr 2026 17:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-352
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 30 Apr 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft a malicious webpage that sends forged HTTP requests to configuration endpoints. If an authenticated administrator visits the malicious webpage, the victim's browser automatically includes the valid session cookie in the request, allowing the router to process the request as a legitimate administrative action.
References		http://u-speed.com https://github.com/kirubel-cve/CVE-2026-36960

Subscriptions

U-speed N300 Router

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-04-30T00:00:00.000Z

Updated: 2026-04-30T17:08:13.854Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36960

Vulnrichment

Updated: 2026-04-30T17:06:33.498Z

NVD

Status : Deferred

Published: 2026-04-30T16:16:43.300

Modified: 2026-04-30T17:16:31.920

Link: CVE-2026-36960

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T00:45:30Z

Weaknesses

CWE-352

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object