Dbit N300 T1 Pro Wireless Router Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router, specifically in firmware version 1.0.0. The router lacks adequate CSRF protection, such as anti-CSRF tokens or strict validation of Origin/Referer headers for administrative API endpoints. This vulnerability allows an attacker to create a malicious webpage that sends forged HTTP requests to configuration endpoints. If an authenticated administrator visits the page, the router processes the request as a legitimate action, potentially leading to unauthorized changes in the router's settings.
Impact
Exploitation of this vulnerability could result in unauthorized modifications to the router's WiFi settings, including the SSID and password, as well as changes to WAN and DNS configurations. Additionally, it could cause a denial-of-service for legitimate users and allow for a complete takeover of the router's configuration.
Reproduction
To reproduce this vulnerability, save the provided proof-of-concept HTML code as 'poc.html' and open it in a browser while logged into the router as an administrator. The router accepts and processes the forged request instead of rejecting it for a missing or mismatched CSRF token.
Remediation
To address this vulnerability, implement anti-CSRF tokens on all state-changing endpoints, enforce strict validation of Origin and Referer headers, and use the SameSite=Strict attribute for session cookies.
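The three controls above, combined into one server-side gate for administrative endpoints. This is an added example, not the vendor's firmware code or part of the original advisory; the function names, the management origin `http://192.168.0.1` and the per-boot secret are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions for this sketch: the management UI is served from this origin,
# and the server generates one random secret per boot.
ALLOWED_ORIGINS = {"http://192.168.0.1"}   # constructed example address
SERVER_KEY = secrets.token_bytes(32)
# Safe methods are exempt only if no endpoint changes state on GET.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def session_cookie(session_id):
    """Set-Cookie value that browsers will not attach to cross-site requests."""
    return f"sid={session_id}; Path=/; HttpOnly; SameSite=Strict"


def issue_csrf_token(session_id):
    """Token bound to the session; embedded in every form the UI renders."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def origin_of(url):
    """Reduce a URL to scheme://host[:port]; empty string if unparseable."""
    parts = urlsplit(url or "")
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else ""


def check_request(method, headers, session_id, submitted_token):
    """Return (allowed, reason) for a request to an administrative endpoint."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # Prefer Origin; fall back to Referer. Neither present means reject.
    source = origin_of(headers.get("Origin") or headers.get("Referer"))
    if source not in ALLOWED_ORIGINS:
        return False, "origin/referer mismatch"
    # Constant-time comparison against the token derived for this session.
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(expected, (submitted_token or "").encode()):
        return False, "csrf token mismatch"
    return True, "ok"
```

Comparing the full parsed origin, rather than testing whether the header starts with the router's address, is what rejects look-alike hosts such as `192.168.0.1.evil.example`.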
