CVE-2026-36956: n/a
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft a malicious webpage that sends forged HTTP requests to configuration endpoints such as /api/setWlan. If an authenticated administrator visits the malicious webpage, the victim's browser automatically includes the valid session cookie in the request, allowing the router to process the request as a legitimate administrative action.
AI Analysis
Technical Summary
CVE-2026-36956 is a CSRF vulnerability affecting the Dbit N300 T1 Pro wireless router v1.0.0. The vulnerability arises because the router's web management interface lacks adequate CSRF protections on administrative API endpoints, allowing attackers to trick authenticated administrators into executing unauthorized configuration changes via forged HTTP requests.
Potential Impact
An attacker can cause an authenticated administrator's browser to perform unauthorized configuration changes on the router without their consent. This could lead to manipulation of wireless settings or other administrative functions, potentially compromising network security or availability. There is no information about known exploits in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, administrators should avoid visiting untrusted websites while logged into the router's management interface and consider restricting access to the router's web interface to trusted networks only.
CVE-2026-36956: n/a
Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft a malicious webpage that sends forged HTTP requests to configuration endpoints such as /api/setWlan. If an authenticated administrator visits the malicious webpage, the victim's browser automatically includes the valid session cookie in the request, allowing the router to process the request as a legitimate administrative action.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-36956 is a CSRF vulnerability affecting the Dbit N300 T1 Pro wireless router v1.0.0. The vulnerability arises because the router's web management interface lacks adequate CSRF protections on administrative API endpoints, allowing attackers to trick authenticated administrators into executing unauthorized configuration changes via forged HTTP requests.
Potential Impact
An attacker can cause an authenticated administrator's browser to perform unauthorized configuration changes on the router without their consent. This could lead to manipulation of wireless settings or other administrative functions, potentially compromising network security or availability. There is no information about known exploits in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, administrators should avoid visiting untrusted websites while logged into the router's management interface and consider restricting access to the router's web interface to trusted networks only.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-04-06T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f37003cbff5d86102de4e3
Added to database: 4/30/2026, 3:06:43 PM
Last enriched: 4/30/2026, 3:21:43 PM
Last updated: 4/30/2026, 4:22:32 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.