Skip to content
CVSS 8.8 · HIGH

CVE-2026-7674

A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Ver en NVD

Análisis

This vulnerability affects an obscure industrial or cellular router model from Shenzhen Libituo Technology. While it allows for a remote buffer overflow via the web management interface, the hardware is not widely used in standard software development or common server infrastructure stacks.

Severidad

Puntaje: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-119CWE-120

EPSS

Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 13.0%
EPSS: 2026-05-06

Descripción técnica

A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Publicada: 3/5/2026, 2:17:12
Última modificación: 4/5/2026, 15:19:34

Referencias

InicioEventosBlogRecursosEquipo