CVE-2026-7675— Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow

Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

Shenzhen Libituo Technology LBT-T300-HW1 缓冲区错误漏洞

Shenzhen Libituo Technology LBT-T300-HW1是中国力必拓科技（Shenzhen Libituo Technology）公司的一款工业路由器。 Shenzhen Libituo Technology LBT-T300-HW1 1.2.8及之前版本存在缓冲区错误漏洞，该漏洞源于文件/apply.cgi的函数start_lan对参数Channel/ApCliSsid的操作，可能导致缓冲区溢出。

N/A

N/A