Kirubel-Cve

**Name of the Vulnerable Software and Affected Versions** Dbit N300 T1 Pro wireless router version 1.0.0 **Description** A Cross-Site Request Forgery (CSRF) issue exists in the web management interface. The device fails to implement proper protection mechanisms, such as anti-CSRF tokens or strict Origin/Referer validation, for administrative API endpoints. An attacker can craft a malicious webpage to send forged HTTP requests to configuration endpoints, such as "/api/setWlan". If an authenticated administrator visits this page, the browser automatically includes the session cookie, allowing the request to be processed as a legitimate administrative action. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** U-SPEED N300 version 1.0.0 **Description** A denial-of-service issue exists in the embedded Boa HTTP server of the web management interface. An attacker can exhaust system resources by sending a large volume of concurrent HTTP requests to random or non-existent endpoints, causing the interface to become unresponsive and potentially requiring a manual reboot to restore operation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** U-SPEED N300 router version 1.0.0 **Description** The device fails to implement rate limiting or account lockout protections on the '/api/login' endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthorized access to the router management interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.