CVE-2024-27569: n/a
CVE-2024-27569 is a stack overflow vulnerability found in LBT T300-T390 devices running firmware version 2. 2. 1. 8. The flaw exists in the init_nvram function, specifically triggered by the ApCliSsid parameter. An attacker can exploit this by sending a crafted POST request, causing a Denial of Service (DoS) condition. The vulnerability does not require authentication or user interaction, and it impacts availability without affecting confidentiality or integrity. The CVSS score is 6. 5 (medium severity), reflecting the ease of remote exploitation and the resulting service disruption. No known exploits are currently reported in the wild, and no patches have been published yet.
AI Analysis
Technical Summary
CVE-2024-27569 identifies a stack overflow vulnerability in LBT T300-T390 devices with firmware version 2.2.1.8. The vulnerability resides in the init_nvram function, which processes the ApCliSsid parameter. When a specially crafted POST request containing a malicious ApCliSsid value is sent to the device, it triggers a stack overflow condition. This overflow can cause the device to crash or reboot unexpectedly, resulting in a Denial of Service (DoS). The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its risk profile. The weakness is classified under CWE-121 (Stack-based Buffer Overflow), a common and dangerous software flaw that can lead to system instability. The CVSS v3.1 base score of 6.5 reflects a medium severity, driven by the attack vector being adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is limited to availability, with no confidentiality or integrity loss. No public exploits or patches are currently known, indicating that the vulnerability might be newly discovered or not yet weaponized. The affected devices are typically used in network environments, making them critical points of failure if exploited.
Potential Impact
The primary impact of CVE-2024-27569 is the potential for Denial of Service on affected LBT T300-T390 devices. These devices are often deployed in enterprise or industrial network environments, so a successful exploit could disrupt network connectivity, degrade service availability, and interrupt business operations. Since the vulnerability can be triggered remotely without authentication, attackers within the network or adjacent networks could cause repeated device crashes, leading to persistent outages. Although the vulnerability does not compromise data confidentiality or integrity, the loss of availability can have cascading effects on dependent systems and services. Organizations relying on these devices for critical infrastructure or operational technology may experience significant downtime, impacting productivity and potentially safety in industrial contexts. The absence of known exploits reduces immediate risk but also means organizations should proactively monitor and prepare for potential future attacks.
Mitigation Recommendations
To mitigate CVE-2024-27569, organizations should first identify all LBT T300-T390 devices running firmware version 2.2.1.8 within their networks. Since no official patches are currently available, immediate mitigation involves network-level controls such as restricting access to device management interfaces to trusted hosts and networks only. Implementing firewall rules to block unsolicited POST requests targeting the vulnerable parameter can reduce exposure. Network segmentation should be employed to isolate these devices from untrusted or less secure network segments. Monitoring network traffic for anomalous POST requests containing suspicious ApCliSsid values can help detect exploitation attempts. Vendors and users should prioritize firmware updates once patches are released. Additionally, consider deploying intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect exploitation attempts. Regular backups and failover configurations can minimize downtime in case of successful DoS attacks. Finally, maintain close communication with the vendor for timely security advisories and updates.
Affected Countries
United States, Germany, Japan, South Korea, China, United Kingdom, France, Canada, Australia, India
CVE-2024-27569: n/a
Description
CVE-2024-27569 is a stack overflow vulnerability found in LBT T300-T390 devices running firmware version 2. 2. 1. 8. The flaw exists in the init_nvram function, specifically triggered by the ApCliSsid parameter. An attacker can exploit this by sending a crafted POST request, causing a Denial of Service (DoS) condition. The vulnerability does not require authentication or user interaction, and it impacts availability without affecting confidentiality or integrity. The CVSS score is 6. 5 (medium severity), reflecting the ease of remote exploitation and the resulting service disruption. No known exploits are currently reported in the wild, and no patches have been published yet.
AI-Powered Analysis
Technical Analysis
CVE-2024-27569 identifies a stack overflow vulnerability in LBT T300-T390 devices with firmware version 2.2.1.8. The vulnerability resides in the init_nvram function, which processes the ApCliSsid parameter. When a specially crafted POST request containing a malicious ApCliSsid value is sent to the device, it triggers a stack overflow condition. This overflow can cause the device to crash or reboot unexpectedly, resulting in a Denial of Service (DoS). The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its risk profile. The weakness is classified under CWE-121 (Stack-based Buffer Overflow), a common and dangerous software flaw that can lead to system instability. The CVSS v3.1 base score of 6.5 reflects a medium severity, driven by the attack vector being adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is limited to availability, with no confidentiality or integrity loss. No public exploits or patches are currently known, indicating that the vulnerability might be newly discovered or not yet weaponized. The affected devices are typically used in network environments, making them critical points of failure if exploited.
Potential Impact
The primary impact of CVE-2024-27569 is the potential for Denial of Service on affected LBT T300-T390 devices. These devices are often deployed in enterprise or industrial network environments, so a successful exploit could disrupt network connectivity, degrade service availability, and interrupt business operations. Since the vulnerability can be triggered remotely without authentication, attackers within the network or adjacent networks could cause repeated device crashes, leading to persistent outages. Although the vulnerability does not compromise data confidentiality or integrity, the loss of availability can have cascading effects on dependent systems and services. Organizations relying on these devices for critical infrastructure or operational technology may experience significant downtime, impacting productivity and potentially safety in industrial contexts. The absence of known exploits reduces immediate risk but also means organizations should proactively monitor and prepare for potential future attacks.
Mitigation Recommendations
To mitigate CVE-2024-27569, organizations should first identify all LBT T300-T390 devices running firmware version 2.2.1.8 within their networks. Since no official patches are currently available, immediate mitigation involves network-level controls such as restricting access to device management interfaces to trusted hosts and networks only. Implementing firewall rules to block unsolicited POST requests targeting the vulnerable parameter can reduce exposure. Network segmentation should be employed to isolate these devices from untrusted or less secure network segments. Monitoring network traffic for anomalous POST requests containing suspicious ApCliSsid values can help detect exploitation attempts. Vendors and users should prioritize firmware updates once patches are released. Additionally, consider deploying intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect exploitation attempts. Regular backups and failover configurations can minimize downtime in case of successful DoS attacks. Finally, maintain close communication with the vendor for timely security advisories and updates.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-02-26T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6d80b7ef31ef0b57dd88
Added to database: 2/25/2026, 9:45:36 PM
Last enriched: 2/26/2026, 11:07:04 AM
Last updated: 2/26/2026, 11:11:46 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-64999: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Checkmk GmbH Checkmk
HighCVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing
HighCVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS
HighCVE-2026-28132: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in villatheme WooCommerce Photo Reviews
HighCVE-2026-28131: Insertion of Sensitive Information Into Sent Data in WPVibes Elementor Addon Elements
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.