Skip to content
CVSS 8.8 · HIGH

CVE-2026-7675

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Ver en NVD

Análisis

This vulnerability affects a specific model of a Shenzhen Libituo router, which is obscure hardware not commonly used in the MexicoDev community's infrastructure. While it allows for remote buffer overflow, the limited deployment of this specific vendor's products does not warrant a community-wide alert.

Severidad

Puntaje: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-119CWE-120

EPSS

Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 13.0%
EPSS: 2026-05-06

Descripción técnica

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Publicada: 3/5/2026, 3:16:15
Última modificación: 4/5/2026, 15:19:34

Referencias

InicioEventosBlogRecursosEquipo