CVE-2025-65427: An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version V1.0.0 doe...
An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version V1.0.0 does not implement rate limiting to /api/login allowing attackers to brute force password enumerations.
Security readout for executives and security teams
Plain-English summary
CVE-2025-65427 is a login protection weakness in the Dbit N300 T1 Pro Easy Setup Wi-Fi router firmware V1.0.0. The router reportedly allows repeated login attempts without rate limiting, increasing the chance that weak passwords can be guessed remotely.
Executive priority
Treat this as a moderate-priority edge-device hardening issue. Urgency rises if affected routers manage business networks or expose admin access externally.
Technical view
The issue is CWE-307: improper restriction of excessive authentication attempts. The reported vulnerable endpoint is /api/login. CVSS 3.1 is 6.5, with network access, low attack complexity, no privileges, and no user interaction required, but limited confidentiality and integrity impact.
Likely exposure
Exposure is most relevant to organizations using Dbit N300 T1 Pro Easy Setup routers on firmware V1.0.0, especially where the router administration interface is reachable from untrusted networks.
Exploitation context
The CVE is not listed as KEV in the supplied bundle. A public GitHub reference exists, but the provided sources do not establish active exploitation in the wild.
Researcher notes
The affected metadata in the bundle is incomplete, listing vendor and product as n/a, while the CVE description identifies the Dbit N300 T1 Pro Easy Setup router firmware V1.0.0. No patch details are provided in the sources.
Mitigation direction
Check Dbit or device reseller guidance for firmware updates or advisories.
Ensure router administration is not exposed to the public Internet.
Use strong, unique administrator passwords on affected devices.
Restrict management access to trusted internal networks or VPNs.
Monitor authentication failures and suspicious management login activity.
Validation and detection
Inventory Dbit N300 T1 Pro routers and confirm firmware versions.
Verify whether administrative interfaces are reachable from untrusted networks.
Review logs for repeated failed login attempts against management endpoints.
Confirm whether any vendor firmware or configuration mitigation is available.
Test rate-limiting behavior only in an authorized controlled environment.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-307: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references authentication or credential exposure, so valid-account and credential-access review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-307 · source CWE mapping
Improper Restriction of Excessive Authentication Attempts
Improper Restriction of Excessive Authentication Attempts represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.