CVE 8.8 HIGH

CVE-2026-36956_CVE-2026-36956

April 30, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft a malicious webpage that sends forged HTTP requests to configuration endpoints such as /api/setWlan. If an authenticated administrator visits the malicious webpage, the victim's browser automatically includes the valid session cookie in the request, allowing the router to process the request as a legitimate administrative action.

AI Analysis

Cross-Site Request Forgery (CSRF) vulnerability in the web management interface

Basic Information

ID CVE-2026-36956

Source mitre

Published Apr 30, 2026 at 00:00

Modified Apr 30, 2026 at 15:21

Affected Product

Vendor Dbit

Product Dbit N300 T1 Pro

Version V1.0.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-352

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Dbit

Product N300 T1 Pro

Version V1.0.0

References

{
    "lastseen": "",
    "description": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft a malicious webpage that sends forged HTTP requests to configuration endpoints such as /api/setWlan. If an authenticated administrator visits the malicious webpage, the victim's browser automatically includes the valid session cookie in the request, allowing the router to process the request as a legitimate administrative action.",
    "published": "2026-04-30T00:00:00.000Z",
    "modified": "2026-04-30T15:21:01.763Z",
    "type": "cve",
    "title": "CVE-2026-36956",
    "source": "mitre",
    "references": "http://dbit.com\nhttps://github.com/kirubel-cve/CVE-2026-36956",
    "id": "CVE-2026-36956",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Dbit N300 T1 Pro",
    "version": "V1.0.0",
    "vendor": "Dbit",
    "ai_description": "Cross-Site Request Forgery (CSRF) vulnerability in the web management interface",
    "ai_severity": "High",
    "ai_vendor": "Dbit",
    "ai_product": "N300 T1 Pro",
    "ai_version": "V1.0.0",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply