CVE-2026-7674
Buffer Overflow in LBT-T300-HW1 Web Interface
Publication date: 2026-05-03
Last updated on: 2026-05-03
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| shenzhen_libituo_technology | lbt-t300-hw1 | to 1.2.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow flaw found in the Shenzhen Libituo Technology LBT-T300-HW1 device up to version 1.2.8. It occurs in the Web Management Interface component, specifically in the function start_single_service. The issue arises when the arguments vpn_pptp_server or vpn_l2tp_server are manipulated, leading to a stack overflow.
The vulnerability allows an attacker to execute arbitrary commands remotely by exploiting the way the vpn_pptp_server variable is handled through the nvram_get function in the reselov_vpn_server component. This vulnerability is part of a chain involving functions like start_single_service, connect_vpn, and reselov_vpn_server.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows remote attackers to execute arbitrary commands on the affected device. This can lead to unauthorized control over the device, potentially compromising the confidentiality, integrity, and availability of the system and any connected networks.
Exploitation of this flaw could result in system takeover, data breaches, disruption of services, and further attacks within the network environment.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a stack overflow triggered by manipulation of the vpn_pptp_server or vpn_l2tp_server arguments via the web management interface. Detection can focus on monitoring or testing the behavior of the start_single_service function and related VPN server components.
Since the vulnerability is triggered by passing crafted input to the vpn_pptp_server parameter, one detection approach is to attempt to query or manipulate this parameter and observe for abnormal behavior or crashes.
Commands or techniques might include sending crafted HTTP requests to the web management interface targeting vpn_pptp_server or vpn_l2tp_server parameters to check for buffer overflow symptoms or unexpected responses.
However, no specific detection commands or tools are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps are not explicitly detailed in the provided information.
General best practices would include restricting remote access to the web management interface, especially limiting access to trusted networks or IP addresses.
Disabling the vulnerable VPN services (vpn_pptp_server and vpn_l2tp_server) if not required could reduce exposure.
Monitoring for unusual activity or crashes related to the VPN services may help in early detection of exploitation attempts.
Since the vendor has not responded or provided a patch, consider applying network-level protections such as firewall rules or intrusion prevention systems to block exploit attempts.