top of page
perceptive_background_267k.jpg

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to imp…

Published:

29 april 2026 om 22:00:00

Alert date:

30 april 2026 om 17:05:34

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Network Infrastructure

A Cross-Site Request Forgery vulnerability affects the Dbit N300 T1 Pro wireless router V1.0.0 web management interface. The router lacks proper CSRF protection mechanisms including anti-CSRF tokens and Origin/Referer validation for administrative API endpoints. Attackers can create malicious webpages that send forged HTTP requests to configuration endpoints like /api/setWlan. When authenticated administrators visit these malicious pages, their browsers automatically include valid session cookies, allowing unauthorized configuration changes. This vulnerability enables remote attackers to perform administrative actions without proper authorization through social engineering tactics.

Technical details

Mitigation steps:

Affected products:

Dbit N300 T1 Pro wireless router

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-36956
http://dbit.com
https://github.com/kirubel-cve/CVE-2026-36956

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page