
Dbit N300 T1 Pro Firmware

1 CVE


CVE-2025-65427 MEDIUM POC This Month

Unauthenticated remote brute-force of the Dbit N300 T1 Pro wireless router (firmware V1.0.0) is trivially achievable because the /api/login endpoint imposes no rate limiting, account lockout, or throttling of any kind. Any attacker with network access to the management interface can attempt unlimited password guesses until admin credentials are found. A publicly available proof-of-concept exploit exists on GitHub; however, EPSS at 0.29% (21st percentile) and absence from CISA KEV suggest exploitation remains limited in practice, likely constrained by the product's small market footprint.

Information Disclosure Dbit N300 T1 Pro Firmware
NVD GitHub
CVSS 3.1: 6.5
EPSS: 0.3%
