Lucene search
K

292 matches found

NVD
NVD
added 2026/06/26 10:16 p.m.11 views

CVE-2026-38571

Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 V603 allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write...

4.6CVSS0.00113EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:0 a.m.6 views

CVE-2026-38571

Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 V603 allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write...

4.6CVSS6AI score0.00113EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.12 views

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

7.5CVSS5.4AI score0.00323EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-36956

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...

8.8CVSS5.5AI score0.00163EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.12 views

CVE-2026-36957

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

7.5CVSS5.5AI score0.00323EPSS
Exploits2References1
NVD
NVD
added 2026/04/30 3:16 p.m.8 views

CVE-2026-36956

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...

8.8CVSS0.00163EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.37 views

CVE-2026-36957

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

0.00323EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.36 views

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

0.00323EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

Dbit N300 T1 Pro 跨站请求伪造漏洞

The Dbit N300 T1 Pro is a wireless router device produced by the Dbit company. The Dbit N300 T1 Pro V1.0.0 version has a cross-site request forgeing vulnerability. This vulnerability stems from the lack of cross-site request forgeing protection in the web management interface. It may allow...

8.8CVSS5.7AI score0.00163EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.5 views

CVE-2026-36957

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

7.5CVSS5.4AI score0.00323EPSS
Exploits2References3
EUVD
EUVD
added 2026/04/30 12:0 a.m.5 views

EUVD-2026-26378

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

7.5CVSS5.4AI score0.00323EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.5 views

CVE-2026-36956

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...

5.5AI score0.00163EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.9 views

PT-2026-36102

Name of the Vulnerable Software and Affected Versions Dbit N300 T1 Pro wireless router version 1.0.0 Description A Cross-Site Request Forgery CSRF issue exists in the web management interface. The device fails to implement proper protection mechanisms, such as anti-CSRF tokens or strict...

8.8CVSS5.8AI score0.00163EPSS
Exploits1References5
CVE
CVE
added 2026/04/30 12:0 a.m.11 views

CVE-2026-36958

CVE-2026-36958 affects the U-SPEED N300 router (firmware V1.0.0). The embedded Boa HTTP server is vulnerable to a denial-of-service when a large number of concurrent HTTP requests target random/non-existent web-management endpoints, exhausting resources and rendering the web interface unresponsiv...

7.5CVSS5.4AI score0.00323EPSS
Exploits2References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.9 views

CVE-2026-36956

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...

8.8CVSS5.4AI score0.00163EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

5.3AI score0.00323EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.4 views

CVE-2026-36957

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

5.4AI score0.00323EPSS
Exploits2References2
CVE
CVE
added 2026/04/30 12:0 a.m.17 views

CVE-2026-36956

The affected component is the web management interface of the Dbit N300 T1 Pro wireless router (V1.0.0). The issue is a CSRF vulnerability due to missing anti-CSRF tokens and insufficient Origin/Referer validation on administrative endpoints such as /api/setWlan. If an authenticated administrator...

8.8CVSS5.5AI score0.00163EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

U-SPEED N300 跨站请求伪造漏洞

The U-SPEED N300 is a wireless router device produced by the U-SPEED company. The U-SPEED N300 V1.0.0 version has a cross-site request forgery vulnerability. This vulnerability stems from the lack of a mechanism to protect against cross-site request forgery in the web management interface. This...

8.8CVSS5.7AI score0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.8 views

PT-2026-36104

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

7.5CVSS5.3AI score0.00323EPSS
Exploits2References3
Rows per page
Query Builder