Skip to content
CVSS 8.8 · HIGH

CVE-2026-7674

A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.

View on NVD

Analysis

This vulnerability affects an obscure industrial or cellular router model from Shenzhen Libituo Technology. While it allows for a remote buffer overflow via the web management interface, the hardware is not widely used in standard software development or common server infrastructure stacks.

Severity

Score: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-119CWE-120

EPSS

Probability of exploitation (next 30 days): 0.0004 (0.0%)
Percentile: 13.0%
EPSS: 2026-05-06

Technical description

A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 5/3/2026, 2:17:12 AM
Last modified: 5/4/2026, 3:19:34 PM

References

HomeEventsBlogResourcesTeam