Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
CVE-2026-7674: Shenzhen Libituo Technology LBT-T300-HW1 has a Buffer Overflow Risk in Web Interface
CVE-2026-7674
Summary
The Shenzhen Libituo Technology LBT-T300-HW1 device has a flaw in its web management interface that could allow a hacker to execute malicious code remotely. If not addressed, this could lead to unauthorized access to the device or disruption of its services. As the vendor has not responded to this issue, you should consider updating to a newer version of the device or seeking assistance from the manufacturer.
Original title
A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulati...
Original description
A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
8.7
Vulnerability type
CWE-119
Buffer Overflow
CWE-120
Classic Buffer Overflow
Published: 3 May 2026 · Updated: 28 May 2026 · First seen: 3 May 2026