Skip to main content

LBT-T300-HW1 EUVDEUVD-2026-26809

| CVE-2026-7675 HIGH
Classic Buffer Overflow (CWE-120)
2026-05-03 VulDB
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
PoC Detected
May 04, 2026 - 15:19 vuln.today
Public exploit code
Analysis Generated
May 03, 2026 - 03:30 vuln.today
CVSS changed
May 03, 2026 - 03:22 NVD
8.8 (HIGH) 7.4 (HIGH)
EUVD ID Assigned
May 03, 2026 - 03:00 euvd
EUVD-2026-26809
Analysis Generated
May 03, 2026 - 03:00 vuln.today
CVE Published
May 03, 2026 - 02:30 nvd
HIGH 7.4

DescriptionCVE.org

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Buffer overflow in Shenzhen Libituo Technology LBT-T300-HW1 router firmware versions up to 1.2.8 allows remote authenticated attackers to achieve complete system compromise via crafted Channel/ApCliSsid parameters to /apply.cgi endpoint. Publicly available exploit code exists (GitHub POC), enabling attackers to execute arbitrary code and gain full control of affected devices. EPSS data not available, but combination of public exploit (CVSS E:P) and network-accessible attack vector represents elevated risk for internet-facing router deployments. Vendor unresponsive to disclosure.

Technical ContextAI

This vulnerability affects the start_lan function in /apply.cgi endpoint of LBT-T300-HW1 router firmware, specifically in wireless configuration handling. The underlying issue is a classic stack-based buffer overflow (CWE-120) where user-supplied data in the Channel or ApCliSsid parameters is copied to a fixed-size buffer without proper bounds checking. The affected CPE (cpe:2.3:a:shenzhen_libituo_technology:lbt-t300-hw1) identifies this as a Shenzhen Libituo Technology hardware product, likely a wireless router or access point given the SSID-related parameters. Buffer overflows in embedded device web interfaces are particularly dangerous because they typically run with elevated privileges and lack modern exploit mitigations like ASLR or stack canaries common in enterprise operating systems.

RemediationAI

No vendor-released patch identified at time of analysis - manufacturer did not respond to early disclosure per VulDB submission 800708/800709. Recommended compensating controls with trade-offs: (1) Disable remote administrative access to the web interface (management interface should only be accessible from trusted internal networks) - this eliminates network attack vector but requires physical or VPN access for configuration changes. (2) Implement strong authentication with complex passwords exceeding 16 characters and disable default credentials - reduces PR:L exploitation likelihood but does not eliminate vulnerability. (3) Deploy the device behind a properly configured firewall with strict access controls to port 80/443 management interfaces, whitelisting only specific administrator IP addresses - adds defense-in-depth but creates operational overhead. (4) Monitor authentication logs for brute-force attempts and failed login patterns - provides detection but not prevention. (5) Consider replacement with actively maintained alternative products from vendors with established security response programs - highest security posture but incurs hardware costs. For affected deployments that cannot be replaced immediately, combining controls 1, 2, and 3 provides best risk reduction. Validate that remote management is truly disabled by external port scanning. Reference: VulDB advisory https://vuldb.com/vuln/360828 and exploit analysis https://github.com/hmKunlun/lbt-t300-hw1/blob/main/generate_conf_router(Channel).md

Share

EUVD-2026-26809 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy