A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulat…

A buffer overflow vulnerability has been discovered in Shenzhen Libituo Technology LBT-T300-HW1 devices running firmware up to version 1.2.8. The vulnerability affects the start_lan function in the /apply.cgi file, where manipulation of the Channel/ApCliSsid argument leads to buffer overflow conditions. The vulnerability can be exploited remotely, making it particularly dangerous for network-connected devices. Public exploits have been disclosed and are available for use by attackers. The vendor was notified about this security issue but failed to respond or provide any remediation. This represents a significant security risk for users of these devices as active exploitation is possible.