CVE-2024-27567: n/a
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
AI Analysis
Technical Summary
CVE-2024-27567 is a stack-based buffer overflow vulnerability identified in LBT T300-T390 series devices running firmware version 2.2.1.8. The vulnerability resides in the config_vpn_pptp function, which processes the vpn_client_ip parameter. A specially crafted POST request that targets this parameter overflows a buffer on the stack. The overflow can disrupt normal execution flow, leading to a Denial of Service (DoS) by crashing the VPN service or the entire device. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow). Exploitation does not require authentication, but the attacker must be able to send a crafted POST request to the device, which implies some level of user interaction or network access. The CVSS v3.1 base score is 6.5, indicating medium severity, with the impact primarily on availability (A:H) and no impact on confidentiality or integrity. No known exploits have been reported in the wild, and no official patches or mitigations have been released at the time of publication. This vulnerability could be leveraged by attackers to disrupt VPN connectivity, potentially impacting remote access capabilities for organizations relying on these devices.
Potential Impact
The primary impact of CVE-2024-27567 is the disruption of VPN services through a Denial of Service attack, which can prevent legitimate users from establishing or maintaining VPN connections. This can severely affect organizations that depend on these LBT devices for secure remote access, potentially halting business operations or remote workforce productivity. Although the vulnerability does not expose sensitive data or allow unauthorized access, the loss of availability can lead to operational downtime and increased support costs. In critical infrastructure or high-security environments, such service interruptions could have cascading effects on business continuity and incident response capabilities. Since exploitation requires sending a crafted POST request, attackers with network access to the device’s management or VPN interface could trigger the DoS. The absence of known exploits and patches currently limits immediate risk, but the medium severity score and ease of triggering the vulnerability warrant proactive mitigation.
Mitigation Recommendations
To mitigate CVE-2024-27567, organizations should first restrict network access to the VPN management interfaces, limiting exposure to trusted IP addresses or VPN users only. Implement network segmentation and firewall rules to prevent unauthorized external access to the vulnerable devices. Monitor network traffic for unusual POST requests targeting the vpn_client_ip parameter or abnormal VPN service crashes. Since no official patches are available, coordinate with the vendor for firmware updates or advisories addressing this vulnerability. Consider deploying intrusion detection or prevention systems (IDS/IPS) with custom signatures to detect exploitation attempts. As a temporary workaround, disabling PPTP VPN functionality if not required can reduce attack surface. Regularly review device logs and conduct vulnerability scans to identify affected devices and verify mitigation effectiveness. Finally, maintain an incident response plan to quickly address potential DoS incidents impacting VPN availability.
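The monitoring step above can be expressed as a check on decoded POST bodies, for use in a reverse proxy, a WAF hook or a log-review script. This is an added example, not vendor or advisory code. It assumes the request body is form-encoded and that a legitimate vpn_client_ip value is a single dotted-quad IPv4 address (adjust if the device accepts ranges); the sample bodies are constructed.

```python
import ipaddress
from urllib.parse import parse_qsl

PARAM = "vpn_client_ip"   # parameter named in the advisory
MAX_IPV4_TEXT = 15        # longest dotted quad: "255.255.255.255"


def check_body(body: str) -> list[str]:
    """Return the reasons a form-encoded POST body looks suspicious (empty = clean)."""
    reasons = []
    # parse_qsl percent-decodes, so encoded payloads are judged by their decoded form.
    values = [v for k, v in parse_qsl(body, keep_blank_values=True) if k == PARAM]
    if len(values) > 1:
        reasons.append("parameter repeated")
    for value in values:
        if len(value) > MAX_IPV4_TEXT:
            reasons.append(f"value length {len(value)} exceeds {MAX_IPV4_TEXT}")
        try:
            ipaddress.IPv4Address(value)
        except ValueError:
            reasons.append("value is not a valid IPv4 address")
    return reasons


# Constructed sample bodies (assumption: other field names are hypothetical).
SAMPLES = [
    ("ok", "vpn_enable=1&vpn_client_ip=192.168.10.50"),
    ("overlong", "vpn_client_ip=" + "1" * 300),
    ("encoded_ok", "vpn_client_ip=%31%30%2e%30%2e%30%2e%35"),  # decodes to 10.0.0.5
    ("repeated", "vpn_client_ip=10.0.0.5&vpn_client_ip=10.0.0.6"),
    ("unrelated", "hostname=router1"),
]


def scan(samples):
    """Map each sample name to its list of findings."""
    return {name: check_body(body) for name, body in samples}


if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(f"{name}: {'ALERT ' + '; '.join(findings) if findings else 'clean'}")
```

The check works on plaintext bodies only, so it has to run where TLS to the management interface is already terminated.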
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Australia, Canada, Netherlands, India
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-02-26T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d80b7ef31ef0b57dd77
Added to database: 2/25/2026, 9:45:36 PM
Last enriched: 2/26/2026, 11:06:37 AM
Last updated: 4/11/2026, 6:10:55 PM