CVE-2026-7674

Summary

A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
Shenzhen Libituo TechnologyLBT-T300-HW11.2.0affected
Shenzhen Libituo TechnologyLBT-T300-HW11.2.1affected
Shenzhen Libituo TechnologyLBT-T300-HW11.2.2affected
Shenzhen Libituo TechnologyLBT-T300-HW11.2.3affected
Shenzhen Libituo TechnologyLBT-T300-HW11.2.4affected
Shenzhen Libituo TechnologyLBT-T300-HW11.2.5affected
Shenzhen Libituo TechnologyLBT-T300-HW11.2.6affected
Shenzhen Libituo TechnologyLBT-T300-HW11.2.7affected
Shenzhen Libituo TechnologyLBT-T300-HW11.2.8affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References