CVE-2024-27568 identifies a stack overflow vulnerability in LBT T300-T390 devices running firmware version 2.2.1.8. The flaw exists in the setupEC20Apn function, specifically through the apn_name_3g parameter, which when supplied with a crafted POST request, causes a stack overflow condition. This vulnerability leads to a Denial of Service (DoS) by crashing or destabilizing the affected device, impacting its availability. The vulnerability does not require authentication or user interaction, making it remotely exploitable over the network. The CVSS 3.1 base score is 6.5, indicating a medium severity level with attack vector as adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and impact limited to availability (A:H). The underlying weakness corresponds to CWE-121 (Stack-based Buffer Overflow), a common and critical software flaw that can lead to crashes or potential code execution in other contexts, though no such exploitation is indicated here. No patches or exploits are currently publicly known, but the vulnerability poses a risk to devices deployed in telecommunications or IoT environments where LBT T300-T390 devices are used. The lack of authentication requirement and ease of triggering via network requests increase the urgency for mitigation.

The primary impact of CVE-2024-27568 is a Denial of Service condition on affected LBT T300-T390 devices, which can disrupt network connectivity and services relying on these devices. Organizations using these devices in critical infrastructure, such as telecommunications providers, industrial IoT deployments, or enterprise networks, may experience outages or degraded service availability. Although confidentiality and integrity are not directly affected, the loss of availability can have cascading effects on business operations, customer service, and safety-critical systems. The vulnerability’s ease of exploitation without authentication increases the risk of opportunistic attacks, especially in environments where devices are exposed to adjacent networks or the internet. The absence of known exploits in the wild currently limits immediate widespread impact, but the vulnerability remains a significant risk until patched. Additionally, the lack of vendor patches at the time of disclosure necessitates interim mitigations to reduce exposure.

1. Restrict network access to management interfaces of LBT T300-T390 devices, limiting exposure to trusted internal networks only. 2. Implement strict firewall rules and network segmentation to isolate these devices from untrusted or public networks. 3. Monitor network traffic for unusual or malformed POST requests targeting the apn_name_3g parameter or the setupEC20Apn function endpoints. 4. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or anomaly detection tuned to detect exploitation attempts of this stack overflow. 5. Coordinate with the device vendor for timely release and application of firmware patches addressing this vulnerability. 6. Conduct regular vulnerability assessments and penetration testing focusing on these devices to identify potential exploitation paths. 7. Maintain up-to-date asset inventories to quickly identify and remediate affected devices. 8. Educate network administrators about this vulnerability and the importance of limiting device exposure and monitoring.