CVE-2026-7675

HIGH

Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow

Title source: cna
STIX 2.1

Description

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Core 5
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-360828 | Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow
https://vuldb.com/vuln/360828
Signature, Permissions Required signature permissions-required
VDB-360828 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/360828/cti
Third Party Advisory third-party-advisory
Submit #800708 | Libtor Technology lbt-t300-hw1 <=V1.2.8 Buffer Overflow
https://vuldb.com/submit/800708
Third Party Advisory third-party-advisory
Submit #800709 | Libtor Technology <=V1.2.8 Buffer Overflow (Duplicate)
https://vuldb.com/submit/800709

Scores

CVSS v3 8.8
EPSS 0.0005
EPSS Percentile 15.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-119 CWE-120
Status published
Products (9)
Shenzhen Libituo Technology/LBT-T300-HW1 1.2.0
Shenzhen Libituo Technology/LBT-T300-HW1 1.2.1
Shenzhen Libituo Technology/LBT-T300-HW1 1.2.2
Shenzhen Libituo Technology/LBT-T300-HW1 1.2.3
Shenzhen Libituo Technology/LBT-T300-HW1 1.2.4
Shenzhen Libituo Technology/LBT-T300-HW1 1.2.5
Shenzhen Libituo Technology/LBT-T300-HW1 1.2.6
Shenzhen Libituo Technology/LBT-T300-HW1 1.2.7
Shenzhen Libituo Technology/LBT-T300-HW1 1.2.8
Published May 03, 2026
Tracked Since May 03, 2026