Skip to main content

LBT-T300-HW1 EUVDEUVD-2026-26808

| CVE-2026-7674 HIGH
Classic Buffer Overflow (CWE-120)
2026-05-03 VulDB
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Analysis Updated
May 03, 2026 - 02:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 03, 2026 - 02:22 vuln.today
cvss_changed
CVSS changed
May 03, 2026 - 02:22 NVD
8.8 (HIGH) 8.7 (HIGH)
Analysis Generated
May 03, 2026 - 02:15 vuln.today
EUVD ID Assigned
May 03, 2026 - 02:00 euvd
EUVD-2026-26808
Analysis Generated
May 03, 2026 - 02:00 vuln.today
CVE Published
May 03, 2026 - 01:30 nvd
HIGH 8.7

DescriptionCVE.org

A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Buffer overflow in Shenzhen Libituo Technology LBT-T300-HW1 router (versions up to 1.2.8) allows authenticated remote attackers to achieve complete system compromise via crafted VPN server parameters in the web management interface. The vulnerability affects the start_single_service function when processing vpn_pptp_server or vpn_l2tp_server arguments, resulting in high impact to confidentiality, integrity, and availability. EPSS score not available; no CISA KEV listing indicates targeted rather than widespread exploitation. Public technical documentation exists on GitHub. Vendor non-responsive to disclosure, indicating no official patch likely available.

Technical ContextAI

This is a classic stack or heap buffer overflow (CWE-120) in embedded router firmware's web management interface. The vulnerable start_single_service function in LBT-T300-HW1 firmware versions through 1.2.8 fails to validate input length when processing VPN server configuration parameters (vpn_pptp_server and vpn_l2tp_server arguments). When an authenticated administrator submits oversized values through the web interface, the unbounded copy operation overwrites adjacent memory regions. This vulnerability class is common in IoT/router firmware developed without memory-safe languages or proper bounds checking, particularly in devices from smaller manufacturers with limited security development practices. The affected product is a hardware router from Shenzhen Libituo Technology, likely deployed in SOHO or small business environments for VPN connectivity.

RemediationAI

No vendor-released patch identified at time of analysis due to manufacturer non-responsiveness to disclosure. Primary recommendation: replace affected LBT-T300-HW1 devices with alternative router hardware from vendors with established security response programs. If immediate replacement is not feasible, implement defense-in-depth controls: (1) Restrict web management interface access to trusted internal networks only via firewall rules - block all external access to admin ports, though this eliminates remote management capability. (2) Enforce strong unique administrative passwords and enable account lockout policies to prevent credential compromise, though this only raises the bar rather than eliminating risk. (3) Deploy network segmentation to isolate the router's management plane from general user traffic. (4) Disable PPTP and L2TP VPN services if not operationally required, directly removing the vulnerable code path but eliminating VPN functionality. (5) Monitor authentication logs for suspicious admin login attempts. Note all mitigations are compensating controls that reduce attack surface but do not fix the underlying memory corruption vulnerability - replacement remains the only complete remediation.

Share

EUVD-2026-26808 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy