290 matches found
CVE-2026-36958
A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...
CVE-2026-36956
A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...
CVE-2026-36957
Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...
CVE-2026-36956
A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...
PT-2026-36102
Name of the Vulnerable Software and Affected Versions Dbit N300 T1 Pro wireless router version 1.0.0 Description A Cross-Site Request Forgery CSRF issue exists in the web management interface. The device fails to implement proper protection mechanisms, such as anti-CSRF tokens or strict...
CVE-2026-36957
Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...
U-SPEED N300 跨站请求伪造漏洞
The U-SPEED N300 is a wireless router device produced by the U-SPEED company. The U-SPEED N300 V1.0.0 version has a cross-site request forgery vulnerability. This vulnerability stems from the lack of a mechanism to protect against cross-site request forgery in the web management interface. This...
CVE-2026-36956
The affected component is the web management interface of the Dbit N300 T1 Pro wireless router (V1.0.0). The issue is a CSRF vulnerability due to missing anti-CSRF tokens and insufficient Origin/Referer validation on administrative endpoints such as /api/setWlan. If an authenticated administrator...
CVE-2026-36959
U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthoriz...
CVE-2026-36958
A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...
CVE-2026-36957
Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...
CVE-2026-36958
A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...
CVE-2026-36958
CVE-2026-36958 affects the U-SPEED N300 router (firmware V1.0.0). The embedded Boa HTTP server is vulnerable to a denial-of-service when a large number of concurrent HTTP requests target random/non-existent web-management endpoints, exhausting resources and rendering the web interface unresponsiv...
Dbit N300 T1 Pro 跨站请求伪造漏洞
The Dbit N300 T1 Pro is a wireless router device produced by the Dbit company. The Dbit N300 T1 Pro V1.0.0 version has a cross-site request forgeing vulnerability. This vulnerability stems from the lack of cross-site request forgeing protection in the web management interface. It may allow...
CVE-2026-36957
Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...
CVE-2026-36956
A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...
CVE-2026-36956
A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...
CVE-2026-36957
The affected device is the Dbit Router, firmware V1.0.0 (Dbit N300 T1 Pro Easy Setup Wireless Wi‑Fi Router). The vulnerability is in the Boa web server URI handler, which can be exploited by sending a high-volume flood of HTTP GET requests to non-existent URIs, causing resource exhaustion (file d...
PT-2026-36104
A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...
EUVD-2026-26378
Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...