CVE-2026-36738
MEDIUMCVSS v3.1: 6.8 · EPSS: 0.0020 (10.2 percentile)
Source data as of:
At a glance
- Severity
- MEDIUM
- CVSS
- 6.8 v3.1 · NVD
- EPSS
- 0.0020 (10.2 percentile) · FIRST.org
- CISA KEV
- No
- Attack conditions (CVSS vector)
- No privilegesNo user interaction · Source: NVD Vector
- Affected vendors
- u-speed
- Published
- 2026-05-13 · Modified: 2026-06-30
- References
- Jump to references (2)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.