CVE-2026-7674

HIGH

Shenzhen Libituo Technology LBT-T300-HW1 Web Management start_single_service buffer overflow

Title source: cna

Description

A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Core 5

Core References

Third Party Advisory third-party-advisory

Submit #800706 | Libtor Technology lbt-t300-hw1 <=V1.2.8 Buffer Overflow (Duplicate)

https://vuldb.com/submit/800706

View Writeup ZIP pw:eip

Vdb Entry, Technical Description vdb-entry technical-description

VDB-360827 | Shenzhen Libituo Technology LBT-T300-HW1 Web Management start_single_service buffer overflow

https://vuldb.com/vuln/360827

Signature, Permissions Required signature permissions-required

VDB-360827 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/360827/cti

Third Party Advisory third-party-advisory

Submit #800705 | Libtor Technology lbt-t300-hw1 <=V1.2.8 Buffer Overflow

https://vuldb.com/submit/800705

Scores

CVSS v3 8.8

EPSS 0.0005

EPSS Percentile 15.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-119 CWE-120

Status published

Products (9)

Shenzhen Libituo Technology/LBT-T300-HW1 1.2.0

Shenzhen Libituo Technology/LBT-T300-HW1 1.2.1

Shenzhen Libituo Technology/LBT-T300-HW1 1.2.2

Shenzhen Libituo Technology/LBT-T300-HW1 1.2.3

Shenzhen Libituo Technology/LBT-T300-HW1 1.2.4

Shenzhen Libituo Technology/LBT-T300-HW1 1.2.5

Shenzhen Libituo Technology/LBT-T300-HW1 1.2.6

Shenzhen Libituo Technology/LBT-T300-HW1 1.2.7

Shenzhen Libituo Technology/LBT-T300-HW1 1.2.8

Published May 03, 2026

Tracked Since May 03, 2026