Skip to main content

Lbt T300 Hw1

2 CVEs product

Monthly

CVE-2026-7675 HIGH POC This Week

Buffer overflow in Shenzhen Libituo Technology LBT-T300-HW1 router firmware versions up to 1.2.8 allows remote authenticated attackers to achieve complete system compromise via crafted Channel/ApCliSsid parameters to /apply.cgi endpoint. Publicly available exploit code exists (GitHub POC), enabling attackers to execute arbitrary code and gain full control of affected devices. EPSS data not available, but combination of public exploit (CVSS E:P) and network-accessible attack vector represents elevated risk for internet-facing router deployments. Vendor unresponsive to disclosure.

Buffer Overflow Lbt T300 Hw1
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7674 HIGH This Week

Buffer overflow in Shenzhen Libituo Technology LBT-T300-HW1 router (versions up to 1.2.8) allows authenticated remote attackers to achieve complete system compromise via crafted VPN server parameters in the web management interface. The vulnerability affects the start_single_service function when processing vpn_pptp_server or vpn_l2tp_server arguments, resulting in high impact to confidentiality, integrity, and availability. EPSS score not available; no CISA KEV listing indicates targeted rather than widespread exploitation. Public technical documentation exists on GitHub. Vendor non-responsive to disclosure, indicating no official patch likely available.

Buffer Overflow Lbt T300 Hw1
NVD VulDB GitHub
CVSS 4.0
8.7
EPSS
0.0%
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Shenzhen Libituo Technology LBT-T300-HW1 router firmware versions up to 1.2.8 allows remote authenticated attackers to achieve complete system compromise via crafted Channel/ApCliSsid parameters to /apply.cgi endpoint. Publicly available exploit code exists (GitHub POC), enabling attackers to execute arbitrary code and gain full control of affected devices. EPSS data not available, but combination of public exploit (CVSS E:P) and network-accessible attack vector represents elevated risk for internet-facing router deployments. Vendor unresponsive to disclosure.

Buffer Overflow Lbt T300 Hw1
NVD VulDB GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Buffer overflow in Shenzhen Libituo Technology LBT-T300-HW1 router (versions up to 1.2.8) allows authenticated remote attackers to achieve complete system compromise via crafted VPN server parameters in the web management interface. The vulnerability affects the start_single_service function when processing vpn_pptp_server or vpn_l2tp_server arguments, resulting in high impact to confidentiality, integrity, and availability. EPSS score not available; no CISA KEV listing indicates targeted rather than widespread exploitation. Public technical documentation exists on GitHub. Vendor non-responsive to disclosure, indicating no official patch likely available.

Buffer Overflow Lbt T300 Hw1
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy