CVE-2026-36738

medium

Published 2026-05-13 · Modified 2026-05-14

CVSS v3

6.8

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

—

VIR risk

6.8

Description

U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.

Predictions

Exploit likelihood

67%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

https://github.com/N0tMilk/vulnerability-research
https://github.com/N0tMilk/vulnerability-research/tree/main/IoT/CVE-2026-36738
https://github.com/N0tMilk/vulnerability-research/tree/main/IoT/CVE-2026-36738

CWEs

CWE-284

Verify integrity in audit chain (admin only). AS-IS.