CVE-2026-36738

MEDIUM

CVSS v3.1: 6.8 · EPSS: 0.0020 (10.2 percentile)

No privilegesNo user interaction

Source data as of:

At a glance

Severity
MEDIUM
CVSS
6.8 v3.1 · NVD
EPSS
0.0020 (10.2 percentile) · FIRST.org
CISA KEV
No
Attack conditions (CVSS vector)
No privilegesNo user interaction · Source: NVD Vector
Affected vendors
u-speed
Published
2026-05-13 · Modified: 2026-06-30

CVSS / EPSS / KEV

CVSS v3.1 6.8 / 10 MEDIUM Source: NVD
EPSS 0.0020 10.2 percentile Source: FIRST.org
CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.

Record details

CVE ID
CVE-2026-36738
CVSS (v3.1)
6.8 (MEDIUM)
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability subscore
0.9
Impact subscore
5.9
EPSS
0.0020 (10.2 percentile) — 2026-07-01
CISA KEV
No
Weakness (CWE)
CWE-284
Affected vendors
u-speed
Affected configurations (CPE)
1
Published
2026-05-13
Modified
2026-06-30
Status
Analyzed

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.