Cyber Resilience

CVE-2026-36956

Severity: High · Public PoC

Published: 30 April 2026
Modified: 05 May 2026
KEV Added: not listed
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0017 (6.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-36956 is a high-severity CSRF (CWE-352) vulnerability in Dbitnet Dbit N300 T1 Pro Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 6.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-36956 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the web management interface of the Dbit N300 T1 Pro wireless router running firmware version V1.0.0. The affected component fails to implement proper CSRF protections, such as anti-CSRF tokens or strict Origin/Referer header validation, on administrative API endpoints. This allows forged HTTP requests to be processed without verifying the request's origin. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for network-accessible exploitation with significant impacts on confidentiality, integrity, and availability.

An attacker can exploit this vulnerability by crafting a malicious webpage that submits forged HTTP requests to sensitive configuration endpoints, such as /api/setWlan. The exploit requires an authenticated administrator to visit the attacker's webpage while logged into the router's web interface; the victim's browser will then automatically include the valid session cookie in the cross-origin request. No special privileges are needed for the attacker (PR:N), but user interaction (UI:R) is required, typically via social engineering like phishing links. Successful exploitation enables the attacker to perform arbitrary administrative actions on the router, such as modifying WLAN settings, potentially leading to full device compromise.

References for advisories and mitigation include the vendor site at http://dbit.com and a GitHub repository at https://github.com/kirubel-cve/CVE-2026-36956, which likely contains proof-of-concept details or patch information. The vulnerability was published on 2026-04-30.


Vulnerability details

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft a malicious webpage that sends forged HTTP requests to configuration endpoints such as /api/setWlan. If an authenticated administrator visits the malicious webpage, the victim's browser automatically includes the valid session cookie in the request, allowing the router to process the request as a legitimate administrative action.

CWE(s)

CWE-352 Cross-Site Request Forgery (CSRF)

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CSRF vulnerability in the router's web management interface directly enables exploitation of a public-facing application to perform unauthorized administrative actions via forged requests.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-36957 (same product: Dbitnet Dbit N300 T1 Pro)
CVE-2025-23467 (shared CWE-352)
CVE-2018-25170 (shared CWE-352)
CVE-2025-22336 (shared CWE-352)
CVE-2025-23821 (shared CWE-352)
CVE-2025-22582 (shared CWE-352)
CVE-2025-23639 (shared CWE-352)
CVE-2024-50858 (shared CWE-352)
CVE-2025-23558 (shared CWE-352)
CVE-2026-6455 (shared CWE-352)

Affected Assets

Vendor: dbitnet
Product: dbit n300 t1 pro firmware
Version: 1.0.0

Mitigating Controls (NIST 800-53 r5)

Prevent: SC-23 (Session Authenticity) requires mechanisms to protect communications session authenticity, such as anti-CSRF tokens, SameSite cookies, or origin/referer validation, directly addressing the router's failure to implement CSRF protections on admin API endpoints.

Prevent: SI-10 (Information Input Validation) mandates validation of all information inputs to administrative endpoints, rejecting forged requests lacking valid CSRF tokens or proper origin headers.

Prevent: SI-2 (Flaw Remediation) requires timely identification, prioritization, and correction of system flaws, directly mitigating this CSRF vulnerability through firmware remediation.
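As an added defender-side illustration (not code from the vendor, the advisory, or the referenced repository), the following Python sketch shows the kind of server-side guard that the SC-23 and SI-10 controls above call for on an endpoint such as /api/setWlan, and that the "Deeper analysis" section says is missing: a request is accepted only when its session cookie is valid, its Origin (or Referer) matches the router's own management origin, and it carries the CSRF token bound to that session. The router origin, endpoint set, header names and in-memory session store are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Origin the router's management UI is served from (assumed value).
ROUTER_ORIGIN = "http://192.168.1.1"
# Endpoints that change configuration and therefore need CSRF protection.
ADMIN_ENDPOINTS = {"/api/setWlan"}

# Server-side store: session cookie value -> CSRF token bound to it.
# Real firmware would keep this with its session state; in-memory here.
SESSIONS = {}

def new_session():
    """Create an admin session and bind a fresh, unguessable CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid, SESSIONS[sid]

def origin_of(headers):
    """Prefer the Origin header; fall back to scheme+host of Referer; None if absent."""
    if "Origin" in headers:
        return headers["Origin"]
    ref = headers.get("Referer")
    if ref:
        u = urlsplit(ref)
        return f"{u.scheme}://{u.netloc}"
    return None

def check_admin_request(req):
    """Return (allowed, reason) for a request dict with keys 'path', 'headers',
    'cookies'. A forged cross-site request carries the session cookie (the
    browser adds it automatically) but not a matching Origin or CSRF token,
    so it is rejected before the endpoint logic runs."""
    if req["path"] not in ADMIN_ENDPOINTS:
        return True, "not an admin endpoint"
    sid = req["cookies"].get("session")
    expected = SESSIONS.get(sid)
    if expected is None:
        return False, "no valid session"
    origin = origin_of(req["headers"])
    if origin != ROUTER_ORIGIN:
        # Covers both a foreign Origin and a request with no Origin/Referer.
        return False, f"cross-origin request from {origin}"
    token = req["headers"].get("X-CSRF-Token", "")
    if not hmac.compare_digest(token, expected):
        return False, "missing or wrong CSRF token"
    return True, "ok"
```

The constructed requests in the test below model the legitimate UI call, the forged cross-site call described in the advisory, and a same-origin call with a stale token.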
