Perceptive Security
SOC/SIEM Consultancy
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulat…
Published:
2 May 2026 at 22:00:00
Alert date:
3 May 2026 at 04:00:50
Source:
nvd.nist.gov
Mobile & IoT, Network Infrastructure
A buffer overflow vulnerability has been discovered in Shenzhen Libituo Technology LBT-T300-HW1 devices running firmware up to version 1.2.8. The vulnerability affects the start_lan function in the /apply.cgi file, where manipulation of the Channel/ApCliSsid argument leads to buffer overflow conditions. The vulnerability can be exploited remotely, making it particularly dangerous for network-connected devices. Public exploits have been disclosed and are available for use by attackers. The vendor was notified about this security issue but failed to respond or provide any remediation. This represents a significant security risk for users of these devices as active exploitation is possible.
Technical details
Mitigation steps:
Affected products:
Shenzhen Libituo Technology LBT-T300-HW1
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-7675
https://github.com/hmKunlun/lbt-t300-hw1/blob/main/generate_conf_router(Channel).md
https://vuldb.com/submit/800708
https://vuldb.com/submit/800709
https://vuldb.com/vuln/360828
https://vuldb.com/vuln/360828/cti
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.