Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
CVE-2026-7675: Shenzhen Libituo Technology LBT-T300-HW1: Remote Command Injection via Config Change
CVE-2026-7675
Summary
A security flaw in the LBT-T300-HW1 router allows an attacker to execute unauthorized commands on the device by sending a specially crafted configuration change request. This could potentially give the attacker control over the router. Users should update to a fixed version of the firmware to protect themselves from exploitation.
Original title
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid...
Original description
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-120
Classic Buffer Overflow
Published: 3 May 2026 · Updated: 23 May 2026 · First seen: 3 May 2026