EIP-2026-101962

PRE-CVE

Router ONO Hitron CDE-30364 - Cross-Site Request Forgery

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101962. PoCs published by Matias Mingorance Svensson.

AI-analyzed exploit summary This exploit demonstrates CSRF vulnerabilities in the Hitron CDE-30364 router's web interface, allowing unauthorized parameter changes such as disabling security features or blocking specific URLs. The PoC consists of HTML forms that automatically submit malicious requests to the router's admin endpoints.

Description

Router ONO Hitron CDE-30364 - Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC
by Matias Mingorance Svensson · textwebappshardware
https://www.exploit-db.com/exploits/28279

This exploit demonstrates CSRF vulnerabilities in the Hitron CDE-30364 router's web interface, allowing unauthorized parameter changes such as disabling security features or blocking specific URLs. The PoC consists of HTML forms that automatically submit malicious requests to the router's admin endpoints.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Hitron Technologies CDE-30364 (HW: 1A, SW: 3.1.0.8-ONO)
No auth needed
Prerequisites: Victim must be authenticated to the router's web interface · Attacker must trick victim into visiting a malicious page
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026