Description
Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory buffers. This results in a kernel deadlock or system hang that disables the web management portal and all routing capabilities.
Published: 2026-04-30
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Dbit N300 T1 Pro Easy Setup Wireless Wi‑Fi Router V1.0.0 is vulnerable to a denial‑of‑service attack that targets the boa web server URI handler. By sending a high‑volume flood of HTTP GET requests to URIs that do not exist, an attacker can overwhelm the router’s critical system resources such as file descriptors and memory buffers. This exhaustion can lead to a kernel deadlock or complete system hang, disabling the management portal and all routing functions.

Affected Systems

Router models: Dbit N300 T1 Pro, firmware version V1.0.0.

Risk and Exploitability

Based on the description, it is inferred that the vulnerability can be exploited by sending a high‑volume flood of HTTP GET requests over a network to non‑existent URIs, which the router processes via its boa web server URI handler. This can exhaust crucial system resources such as file descriptors and memory buffers, leading to a kernel deadlock or system hang. The EPSS score of 0.0004 indicates a low probability of exploitation, and the issue is not listed in CISA KEV. The CVSS score of 7.5 indicates a high severity rating. The resulting denial of service can disable the web management portal and all routing functions without requiring privileged credentials.

Generated by OpenCVE AI on May 2, 2026 at 12:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the manufacturer’s firmware update that patches the resource‑exhaustion flaw (CWE‑400).
  • Configure an intermediate firewall or IDS to detect and rate‑limit excessive HTTP GET traffic directed at non‑existent URIs, thereby preventing the router from reaching resource limits.
  • If no patch is available, disable the web management interface or relocate it to a dedicated, highly restricted VLAN to minimize exposure to the vulnerable resource‑exhaustion path.

Generated by OpenCVE AI on May 2, 2026 at 12:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Dbitnet
Dbitnet dbit N300 T1 Pro
Dbitnet dbit N300 T1 Pro Firmware
CPEs cpe:2.3:h:dbitnet:dbit_n300_t1_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:dbitnet:dbit_n300_t1_pro_firmware:1.0.0:*:*:*:*:*:*:*
Vendors & Products Dbitnet
Dbitnet dbit N300 T1 Pro
Dbitnet dbit N300 T1 Pro Firmware

Sat, 02 May 2026 13:00:00 +0000

Type Values Removed Values Added
Title Denial of Service via Resource Exhaustion on Dbit N300 T1 Pro Router

Fri, 01 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Dbit
Dbit n300 T1 Pro Easy Setup Wireless Wi‑fi Router
Vendors & Products Dbit
Dbit n300 T1 Pro Easy Setup Wireless Wi‑fi Router

Thu, 30 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory buffers. This results in a kernel deadlock or system hang that disables the web management portal and all routing capabilities.
References

Subscriptions

Dbit N300 T1 Pro Easy Setup Wireless Wi‑fi Router
Dbitnet Dbit N300 T1 Pro Dbit N300 T1 Pro Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-30T15:26:27.202Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36957

cve-icon Vulnrichment

Updated: 2026-04-30T15:25:57.531Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T15:16:22.857

Modified: 2026-05-05T02:59:13.053

Link: CVE-2026-36957

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T12:45:42Z

Weaknesses