CVE-2026-36956

Name of the Vulnerable Software and Affected Versions Dbit N300 T1 Pro wireless router version 1.0.0

Description A Cross-Site Request Forgery (CSRF) issue exists in the web management interface. The device fails to implement proper protection mechanisms, such as anti-CSRF tokens or strict Origin/Referer validation, for administrative API endpoints. An attacker can craft a malicious webpage to send forged HTTP requests to configuration endpoints, such as "/api/setWlan". If an authenticated administrator visits this page, the browser automatically includes the session cookie, allowing the request to be processed as a legitimate administrative action.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.