CVE-2025-65427
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-16
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dbit | n300_t1_pro_easy_setup_wireless_wifi_router | v1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router firmware version V1.0.0. It is caused by the lack of rate limiting on the /api/login endpoint, which allows attackers to perform brute-force password attacks by repeatedly sending login requests without restriction. This flaw is classified as CWE-307 (Improper Restriction of Excessive Authentication Attempts). Attackers can automate these attempts to guess passwords and gain unauthorized access to the router. [2]
How can this vulnerability impact me? :
If exploited, this vulnerability allows attackers to gain administrative access to the router by brute forcing login credentials. With administrative access, attackers can change router configurations, modify DNS settings, or update the firmware. This can lead to network compromise, interception of traffic, redirection to malicious sites, or persistent control over the network device. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for excessive or repeated POST requests to the /api/login endpoint of the Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router. Since the server returns session tokens even after failed login attempts, you can use tools like curl or Python requests to simulate brute-force attempts and observe the responses. For example, you can use curl commands to send multiple POST requests with different username and password combinations to /api/login and check if the server continues to respond without rate limiting. Monitoring network logs for a high volume of POST requests to /api/login from the same source IP can also indicate exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /api/login endpoint by implementing rate limiting or blocking repeated failed login attempts at the network or firewall level. If possible, update the router firmware to a version that addresses this vulnerability. Additionally, monitor login attempts and consider changing default credentials to strong, unique passwords to reduce the risk of successful brute-force attacks. [2]