CVE-2026-36957

HIGH

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 - DoS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-36957. PoCs published by kirubel-cve.

AI-analyzed exploit summary The repository contains a functional Python script that demonstrates a Denial of Service (DoS) vulnerability in the Boa web server of Dbit Router firmware V1.0.0 by flooding it with HTTP GET requests to non-existent URIs, leading to resource exhaustion and system hang.

Description

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory buffers. This results in a kernel deadlock or system hang that disables the web management portal and all routing capabilities.

Exploits (1)

github WORKING POC
by kirubel-cve · poc
https://github.com/kirubel-cve/CVE-2026-36957

The repository contains a functional Python script that demonstrates a Denial of Service (DoS) vulnerability in the Boa web server of Dbit Router firmware V1.0.0 by flooding it with HTTP GET requests to non-existent URIs, leading to resource exhaustion and system hang.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Dbit Router Firmware V1.0.0 (Boa Web Server)
No auth needed
Prerequisites: Network access to the target router · Python environment with 'requests' library
devstral-2 · analyzed Apr 30, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0034
EPSS Percentile 26.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (1)
dbitnet/dbit_n300_t1_pro_firmware 1.0.0
Published Apr 30, 2026
Tracked Since Apr 30, 2026