CVE-2026-7675 - Vulnerability Details

- Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow

Description

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-05-03

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A buffer overflow flaw exists in the start_lan function of the /apply.cgi script on certain models of the Shenzhen Libituo Technology LBT‑T300‑HW1 router. By manipulating the Channel or ApCliSsid parameter, an attacker can overrun a stack buffer, potentially gaining the ability to execute arbitrary code with the privileges of the web‑server process on the device. The vulnerability enables an attacker to compromise the confidentiality, integrity, and availability of the router remotely if exploited successfully.

Affected Systems

The flaw is present in all firmware releases up to version 1.2.8 of the LBT‑T300‑HW1 product line from Shenzhen Libituo Technology. No other affected products are listed.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity of the bug, and the EPSS score is currently not available. The vulnerability is not yet listed in CISA's KEV catalog, but a public exploit has already been disclosed and the vendor has not yet responded with a fix. Because the attack vector is remote and the web interface is exposed to the network, the risk of exploitation remains high, especially for devices connected directly to the internet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Shenzhen Libituo Technology

LBT-T300-HW1

affected

Version	Status	Constraints
`1.2.0`	affected	—
`1.2.1`	affected	—
`1.2.2`	affected	—
`1.2.3`	affected	—
`1.2.4`	affected	—
`1.2.5`	affected	—
`1.2.6`	affected	—
`1.2.7`	affected	—
`1.2.8`	affected	—

No data.

Vendor Product Confidence Versions

Shenzhen Libituo Technology

Lbt-t300-hw1

100%

Version	Status	Scheme	Platform
`1.2.0`	affected	semver	—
`1.2.1`	affected	semver	—
`1.2.2`	affected	semver	—
`1.2.3`	affected	semver	—
`1.2.4`	affected	semver	—
`1.2.5`	affected	semver	—
`1.2.6`	affected	semver	—
`1.2.7`	affected	semver	—
`1.2.8`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check the vendor’s website or support channels for a firmware update that addresses the buffer‑overflow flaw and apply it immediately.
Restrict external access to the router’s web‑management interface by firewall rules, NAT, or placing the device in a demilitarized zone to reduce the attack surface.
If possible, disable or block direct access to the /apply.cgi endpoint or filter the Channel/ApCliSsid parameter to prevent malformed input from reaching the vulnerable code.

Generated by OpenCVE AI on May 3, 2026 at 04:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/hmKunlun/lbt-t300-hw1/blob/main/generate_conf_router(Channel).md
https://vuldb.com/submit/800708
https://vuldb.com/submit/800709
https://vuldb.com/vuln/360828
https://vuldb.com/vuln/360828/cti

History

Tue, 05 May 2026 01:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 04 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Shenzhen Libituo Technology Shenzhen Libituo Technology lbt-t300-hw1
Vendors & Products		Shenzhen Libituo Technology Shenzhen Libituo Technology lbt-t300-hw1

Sun, 03 May 2026 03:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow
Weaknesses		CWE-119 CWE-120
References		https://github.com/hmKunlun/lbt-t300-hw1/blob/main/generate_conf_router(Channel).md https://vuldb.com/submit/800708 https://vuldb.com/submit/800709 https://vuldb.com/vuln/360828 https://vuldb.com/vuln/360828/cti
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Shenzhen Libituo Technology Lbt-t300-hw1

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-03T02:30:11.945Z

Updated: 2026-05-05T00:33:11.256Z

Reserved: 2026-05-02T08:30:59.221Z

Link: CVE-2026-7675

Vulnrichment

Updated: 2026-05-05T00:33:07.402Z

NVD

Status : Deferred

Published: 2026-05-03T03:16:15.613

Modified: 2026-05-04T15:19:34.637

Link: CVE-2026-7675

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T16:06:38Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object