CVE-2026-7674: Buffer Overflow in Shenzhen Libituo Technology LBT-T300-HW1
A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
This vulnerability involves a buffer overflow in the start_single_service function of the Web Management Interface component in Shenzhen Libituo Technology's LBT-T300-HW1 device (versions 1.2.0 through 1.2.8). Remote attackers can exploit this by manipulating the vpn_pptp_server or vpn_l2tp_server parameters, potentially leading to memory corruption. The vendor has not provided any response or patch, and no official remediation level is assigned. The CVSS 4.0 score of 8.7 reflects a high-severity issue with low attack complexity and no required privileges or user interaction.
Potential Impact
Successful exploitation of this buffer overflow could allow remote attackers to cause memory corruption, potentially leading to denial of service or arbitrary code execution on the affected device. Given the high CVSS score and the remote attack vector, this vulnerability poses a significant risk to the confidentiality, integrity, and availability of the device. However, there are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no official fix is available, users should consider restricting access to the Web Management Interface from untrusted networks as a temporary mitigation. Monitor for any future vendor advisories or patches addressing this vulnerability.
CVE-2026-7674: Buffer Overflow in Shenzhen Libituo Technology LBT-T300-HW1
Description
A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a buffer overflow in the start_single_service function of the Web Management Interface component in Shenzhen Libituo Technology's LBT-T300-HW1 device (versions 1.2.0 through 1.2.8). Remote attackers can exploit this by manipulating the vpn_pptp_server or vpn_l2tp_server parameters, potentially leading to memory corruption. The vendor has not provided any response or patch, and no official remediation level is assigned. The CVSS 4.0 score of 8.7 reflects a high-severity issue with low attack complexity and no required privileges or user interaction.
Potential Impact
Successful exploitation of this buffer overflow could allow remote attackers to cause memory corruption, potentially leading to denial of service or arbitrary code execution on the affected device. Given the high CVSS score and the remote attack vector, this vulnerability poses a significant risk to the confidentiality, integrity, and availability of the device. However, there are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no official fix is available, users should consider restricting access to the Web Management Interface from untrusted networks as a temporary mitigation. Monitor for any future vendor advisories or patches addressing this vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-02T08:30:55.245Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f6ada0cbff5d86109381c0
Added to database: 5/3/2026, 2:06:24 AM
Last enriched: 5/3/2026, 2:21:19 AM
Last updated: 5/3/2026, 3:07:07 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.