CVE-2024-27571 is a stack-based buffer overflow vulnerability identified in LBT T300-T390 series devices running firmware version 2.2.1.8. The vulnerability resides in the makeCurRemoteApList function, specifically through improper handling of the ApCliSsid parameter. When processing this parameter in a crafted POST request, the device fails to properly validate input length or bounds, leading to a stack overflow condition. This overflow can overwrite the stack memory, causing the device to crash or reboot unexpectedly, resulting in a Denial of Service (DoS). The vulnerability requires no authentication or user interaction, making it remotely exploitable over the network. While no known public exploits have been reported, the ease of exploitation and the direct impact on device availability make this a critical concern for network stability. The vulnerability is tracked under CWE-121 (Stack-based Buffer Overflow) and has been assigned a CVSS v3.1 base score of 7.5, reflecting its high impact on availability with no confidentiality or integrity loss. The lack of available patches at the time of disclosure necessitates immediate mitigation efforts by affected organizations.

The primary impact of CVE-2024-27571 is a Denial of Service condition on affected LBT T300-T390 devices. This can disrupt network connectivity and availability, particularly in environments relying on these devices for wireless access or network bridging. Organizations may experience service outages, degraded network performance, and potential operational downtime. Since the vulnerability can be triggered remotely without authentication, attackers can easily target exposed devices, increasing the risk of widespread disruption. Although the vulnerability does not compromise data confidentiality or integrity, the loss of availability can affect critical business functions, especially in sectors dependent on continuous network access such as telecommunications, enterprise networks, and public infrastructure. The absence of known exploits currently limits immediate widespread impact, but the vulnerability remains a significant risk if weaponized.

To mitigate CVE-2024-27571, organizations should first check for any firmware updates or patches released by LBT addressing this vulnerability and apply them promptly. In the absence of official patches, network administrators should restrict access to the management interfaces of affected devices by implementing network segmentation and firewall rules to block unauthorized POST requests targeting the vulnerable endpoint. Deploying intrusion detection or prevention systems (IDS/IPS) with custom signatures to detect anomalous POST requests containing malformed ApCliSsid parameters can help identify and block exploitation attempts. Additionally, disabling remote management features or restricting them to trusted IP addresses reduces exposure. Regular monitoring of device logs for crashes or unusual reboots can provide early warning signs of exploitation attempts. Finally, organizations should consider replacing vulnerable devices with updated models if patches are unavailable or delayed.