CVE-2026-36738

Published: May 13, 2026Modified: May 14, 2026

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

https://github.com/N0tMilk/vulnerability-research

Source: cve@mitre.org

https://github.com/N0tMilk/vulnerability-research/tree/main/IoT/CVE-2026-36738

Source: cve@mitre.org

https://github.com/N0tMilk/vulnerability-research/tree/main/IoT/CVE-2026-36738

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.