CVE-2026-36956

Exploit

EPSS 0.17%
Veröffentlicht 30.04.2026 00:00:00
Zuletzt bearbeitet 05.05.2026 00:09:06
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft a malicious webpage that sends forged HTTP requests to configuration endpoints such as /api/setWlan. If an authenticated administrator visits the malicious webpage, the victim's browser automatically includes the valid session cookie in the request, allowing the router to process the request as a legitimate administrative action.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dbitnet ≫ Dbit N300 T1 Pro Firmware Version1.0.0

Dbitnet ≫ Dbit N300 T1 Pro Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.067

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://dbit.com

Not Applicable

https://github.com/kirubel-cve/CVE-2026-36956

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-36956

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-36956

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-36956

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-36956