Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Buffer overflow in Shenzhen Libituo Technology LBT-T300-HW1 router firmware versions up to 1.2.8 allows remote authenticated attackers to achieve complete system compromise via crafted Channel/ApCliSsid parameters to /apply.cgi endpoint. Publicly available exploit code exists (GitHub POC), enabling attackers to execute arbitrary code and gain full control of affected devices. EPSS data not available, but combination of public exploit (CVSS E:P) and network-accessible attack vector represents elevated risk for internet-facing router deployments. Vendor unresponsive to disclosure.
Technical ContextAI
This vulnerability affects the start_lan function in /apply.cgi endpoint of LBT-T300-HW1 router firmware, specifically in wireless configuration handling. The underlying issue is a classic stack-based buffer overflow (CWE-120) where user-supplied data in the Channel or ApCliSsid parameters is copied to a fixed-size buffer without proper bounds checking. The affected CPE (cpe:2.3:a:shenzhen_libituo_technology:lbt-t300-hw1) identifies this as a Shenzhen Libituo Technology hardware product, likely a wireless router or access point given the SSID-related parameters. Buffer overflows in embedded device web interfaces are particularly dangerous because they typically run with elevated privileges and lack modern exploit mitigations like ASLR or stack canaries common in enterprise operating systems.
RemediationAI
No vendor-released patch identified at time of analysis - manufacturer did not respond to early disclosure per VulDB submission 800708/800709. Recommended compensating controls with trade-offs: (1) Disable remote administrative access to the web interface (management interface should only be accessible from trusted internal networks) - this eliminates network attack vector but requires physical or VPN access for configuration changes. (2) Implement strong authentication with complex passwords exceeding 16 characters and disable default credentials - reduces PR:L exploitation likelihood but does not eliminate vulnerability. (3) Deploy the device behind a properly configured firewall with strict access controls to port 80/443 management interfaces, whitelisting only specific administrator IP addresses - adds defense-in-depth but creates operational overhead. (4) Monitor authentication logs for brute-force attempts and failed login patterns - provides detection but not prevention. (5) Consider replacement with actively maintained alternative products from vendors with established security response programs - highest security posture but incurs hardware costs. For affected deployments that cannot be replaced immediately, combining controls 1, 2, and 3 provides best risk reduction. Validate that remote management is truly disabled by external port scanning. Reference: VulDB advisory https://vuldb.com/vuln/360828 and exploit analysis https://github.com/hmKunlun/lbt-t300-hw1/blob/main/generate_conf_router(Channel).md
More in Lbt T300 Hw1
View allSame weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26809