CVE-2026-36956
Published: 30 April 2026
Summary
CVE-2026-36956 is a high-severity CSRF (CWE-352) vulnerability in Dbitnet Dbit N300 T1 Pro Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 5.1st percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-23 requires mechanisms to protect communications session authenticity, such as anti-CSRF tokens, SameSite cookies, or origin/referer validation, directly addressing the router's failure to implement CSRF protections on admin API endpoints.
SI-10 mandates validation of all information inputs to administrative endpoints, rejecting forged requests lacking valid CSRF tokens or proper origin headers.
SI-2 requires timely identification, prioritization, and correction of system flaws, directly mitigating this CSRF vulnerability through firmware remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CSRF vulnerability in the router's web management interface directly enables exploitation of a public-facing application to perform unauthorized administrative actions via forged requests.
NVD Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft a malicious webpage that sends forged HTTP requests to configuration endpoints such as /api/setWlan. If an authenticated administrator visits the malicious webpage, the victim's browser automatically includes the valid session cookie in the request, allowing the router to process the request as a legitimate administrative action.
Deeper analysis
CVE-2026-36956 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the web management interface of the Dbit N300 T1 Pro wireless router running firmware version V1.0.0. The affected component fails to implement proper CSRF protections, such as anti-CSRF tokens or strict Origin/Referer header validation, on administrative API endpoints. This allows forged HTTP requests to be processed without verifying the request's origin. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for network-accessible exploitation with significant impacts on confidentiality, integrity, and availability.
An attacker can exploit this vulnerability by crafting a malicious webpage that submits forged HTTP requests to sensitive configuration endpoints, such as /api/setWlan. The exploit requires an authenticated administrator to visit the attacker's webpage while logged into the router's web interface; the victim's browser will then automatically include the valid session cookie in the cross-origin request. No special privileges are needed for the attacker (PR:N), but user interaction (UI:R) is required, typically via social engineering like phishing links. Successful exploitation enables the attacker to perform arbitrary administrative actions on the router, such as modifying WLAN settings, potentially leading to full device compromise.
References for advisories and mitigation include the vendor site at http://dbit.com and a GitHub repository at https://github.com/kirubel-cve/CVE-2026-36956, which likely contains proof-of-concept details or patch information. The vulnerability was published on 2026-04-30.
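To make the SC-23 / SI-10 mitigations above concrete, here is an added example (not code from the vendor, the firmware, or the referenced repository) of a server-side gate for an endpoint like /api/setWlan: the cookie-only check the router is described as relying on, beside a check that enforces Origin/Referer matching and a per-session synchronizer token. The router origin, session dictionary and request headers are constructed; a SameSite=Strict attribute on the session cookie would add the browser-side layer the controls section also names.

```python
"""Minimal server-side CSRF gate for a router admin endpoint such as
/api/setWlan. Added example code, not firmware from the vendor or from the
referenced repository; every origin, session and form value is constructed."""
import hmac
import secrets
from urllib.parse import urlsplit

ROUTER_ORIGIN = "http://192.168.1.1"  # constructed: the router's own origin

def issue_csrf_token(session):
    """Bind a random synchronizer token to the server-side session."""
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]

def vulnerable_gate(headers, session, form):
    """The failure the page describes: only the session cookie is checked,
    so a forged cross-origin request with that cookie attached passes."""
    return bool(session.get("authenticated"))

def hardened_gate(headers, session, form):
    """Allow only in-session requests that are provably first-party (SC-23,
    SI-10): Origin (or Referer) must match the router, and the form must
    carry the session's synchronizer token. Returns (allowed, reason)."""
    if not session.get("authenticated"):
        return False, "no authenticated session"
    origin = headers.get("Origin")
    if origin is None:  # older browsers may send only a Referer
        ref = headers.get("Referer")
        if ref is None:
            return False, "missing Origin and Referer"
        parts = urlsplit(ref)
        origin = f"{parts.scheme}://{parts.netloc}"
    if origin != ROUTER_ORIGIN:
        return False, f"cross-origin request from {origin}"
    token, expected = form.get("csrf_token", ""), session.get("csrf", "")
    if not expected or not hmac.compare_digest(token.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"

def demo():
    """Constructed scenario: a logged-in admin's browser is lured to another
    site, which posts to /api/setWlan; the cookie rides along either way."""
    session = {"authenticated": True}
    tok = issue_csrf_token(session)
    forged = ({"Origin": "http://attacker.example"}, session, {"ssid": "x"})
    legit = ({"Origin": ROUTER_ORIGIN}, session, {"ssid": "Home", "csrf_token": tok})
    return {"vulnerable_forged": vulnerable_gate(*forged),
            "hardened_forged": hardened_gate(*forged)[0],
            "hardened_legit": hardened_gate(*legit)[0]}
```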
Details
- CWE(s)