CVE-2026-36960

Daily digests

The U-SPEED N300 Router V1.0.0 has zero CSRF protection on its admin web interface. If an admin is logged in and visits a malicious page, an attacker can silently change router settings (Wi-Fi config, DNS, firewall rules, you name it) through the admin's browser session. The admin doesn't need to click anything special: just loading the attacker's page is enough.

• Daily Digest · May 1, 2026

  WordPress auth bypass, CVSS 9.8, no creds needed