CVE-2025-65427

MEDIUM

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 - Unauthenticated Brute Force via Login Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-65427. PoCs published by kirubel-cve.

AI-analyzed exploit summary CVE-2025-65427 describes an authentication rate-limiting issue in the Dbit N300 T1 Pro router, allowing brute-force attacks on the `/api/login` endpoint. The PoC demonstrates the absence of rate limiting via HTTP POST requests.

Description

An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version V1.0.0 does not implement rate limiting to /api/login allowing attackers to brute force password enumerations.

Exploits (1)

nomisec WORKING POC

by kirubel-cve · poc

https://github.com/kirubel-cve/CVE-2025-65427

View Code ZIP pw:eip

CVE-2025-65427 describes an authentication rate-limiting issue in the Dbit N300 T1 Pro router, allowing brute-force attacks on the `/api/login` endpoint. The PoC demonstrates the absence of rate limiting via HTTP POST requests.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0

No auth needed

Prerequisites: Network access to the router's `/api/login` endpoint

MITRE ATT&CK

T1110 - Brute Force

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Not Applicable

http://dbit.com

Broken Link

http://shenzhen.com

Exploit, Third Party Advisory

https://github.com/kirubel-cve/CVE-2025-65427

Scores

CVSS v3 6.5

EPSS 0.0029

EPSS Percentile 21.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-307

Status published

Products (1)

dbitnet/dbit_n300_t1_pro_firmware 1.0.0

Published Dec 16, 2025

Tracked Since Feb 18, 2026