U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthorized access to the router management interface.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate, long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-36959 affects U-SPEED N300 routers running V1.0.0, where the /api/login endpoint lacks rate limiting and account lockout mechanisms. This vulnerability allows attackers on the local network to conduct unlimited authentication attempts against the administrator account, significantly lowering the barrier to compromise. Router management interfaces are critical assets that control network traffic, DNS settings, and device configurations; unauthorized access grants an attacker the ability to redirect traffic, launch man-in-the-middle attacks, or lock legitimate administrators out of their own devices. Any organization or home user deploying this router model faces immediate risk of unauthorized access and potential network takeover.
While this CVE itself maps to CWE-307 (Improper Restriction of Excessive Authentication Attempts) rather than explicit MITRE ATT&CK techniques, Casky's AI-driven analysis would identify the underlying attack patterns associated with credential compromise. Practitioners using Casky would detect reconnaissance activity (gathering valid usernames), followed by credential access attempts via brute-force patterns, typically manifesting as rapid, sequential login failures from a single source IP. The platform's extended reasoning capability would correlate these failed attempts with successful authentications, flagging anomalous access patterns that precede unauthorized management interface access. Security teams would observe high-velocity login attempts in their findings, distinguishing them from legitimate failed password entries through volume, timing consistency, and source isolation on local network segments.
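The detection pattern described above (a burst of failed logins from one source, then a success from the same source) can be sketched as follows. This is an added example, not Casky's or the vendor's code; the log line format, the 401/200 status codes, the 60-second window and the threshold of 5 are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in an assumed "<ISO time> <src ip> <method> <path> <status>" format.
SAMPLE_LOG = """\
2026-01-10T09:00:00 192.168.1.50 POST /api/login 401
2026-01-10T09:00:01 192.168.1.50 POST /api/login 401
2026-01-10T09:00:02 192.168.1.50 POST /api/login 401
2026-01-10T09:00:03 192.168.1.50 POST /api/login 401
2026-01-10T09:00:04 192.168.1.50 POST /api/login 401
2026-01-10T09:00:05 192.168.1.50 POST /api/login 401
2026-01-10T09:00:06 192.168.1.50 POST /api/login 200
2026-01-10T09:00:10 192.168.1.20 POST /api/login 401
2026-01-10T09:00:40 192.168.1.20 POST /api/login 401
2026-01-10T09:01:00 192.168.1.20 POST /api/login 200
2026-01-10T09:01:05 192.168.1.20 GET /api/status 200
"""

def detect_bruteforce(log_text, window=timedelta(seconds=60), threshold=5):
    """Return (kind, source_ip, timestamp) findings for /api/login activity."""
    failures = defaultdict(deque)  # source IP -> timestamps of failures inside the window
    flagged = set()                # sources already reported, to avoid duplicate bursts
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "/api/login":
            continue  # skip malformed lines and other endpoints
        ts = datetime.fromisoformat(parts[0])
        src, status = parts[1], parts[4]
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the sliding window
        if status == "401":  # assumed failure status
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                findings.append(("burst", src, ts.isoformat()))
        elif status == "200" and len(recent) >= threshold:
            # A success while the burst is still inside the window is the
            # correlation worth escalating: the guess may have landed.
            findings.append(("success_after_burst", src, ts.isoformat()))
    return findings

if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE_LOG):
        print(finding)
```

The second source in the sample mistypes a password twice before logging in and produces no finding, which is the volume and timing distinction the paragraph draws.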