CVE-2026-7674

HIGH CVSS 8.8 View on NVD ↗

Description

A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://github.com/hmKunlun/lbt-t300-hw1/blob/main/reselov_vpn_server%EF%BC%88vpn_pptp_server%EF%BC%89.md
https://vuldb.com/submit/800705
https://vuldb.com/submit/800706
https://vuldb.com/vuln/360827
https://vuldb.com/vuln/360827/cti

Published: May 03, 2026 02:17 UTC Modified: May 03, 2026 02:17 UTC