{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/shenzhen-libituo-technology/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7675"}],"_cs_exploited":false,"_cs_products":["LBT-T300-HW1 (\u003c= 1.2.8)"],"_cs_severities":["critical"],"_cs_tags":["buffer overflow","remote code execution","web application vulnerability"],"_cs_type":"threat","_cs_vendors":["Shenzhen Libituo Technology"],"content_html":"\u003cp\u003eA buffer overflow vulnerability, identified as CVE-2026-7675, affects Shenzhen Libituo Technology LBT-T300-HW1 devices with firmware versions up to 1.2.8. The vulnerability resides in the \u003ccode\u003estart_lan\u003c/code\u003e function within the \u003ccode\u003e/apply.cgi\u003c/code\u003e file. By manipulating the \u003ccode\u003eChannel/ApCliSsid\u003c/code\u003e argument, a remote attacker can trigger a buffer overflow, potentially leading to arbitrary code execution. Publicly available exploit code exists for this vulnerability. The vendor was notified about the vulnerability, but there has been no response. This vulnerability is considered critical due to the potential for remote exploitation and the availability of exploit code.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Shenzhen Libituo Technology LBT-T300-HW1 device running firmware version 1.2.8 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/apply.cgi\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe HTTP request includes a specially crafted \u003ccode\u003eChannel/ApCliSsid\u003c/code\u003e argument designed to overflow the buffer in the \u003ccode\u003estart_lan\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003estart_lan\u003c/code\u003e function receives the malicious input and attempts to process it without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow occurs, overwriting adjacent memory regions, including potentially the return address on the stack.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the program execution flow by overwriting the return address with the address of malicious code.\u003c/li\u003e\n\u003cli\u003eThe injected code executes with the privileges of the web server process.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution, potentially gaining full control of the device.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on the affected device. Given that this is a router, this could lead to complete compromise of the device, including the ability to intercept and manipulate network traffic, install malware, or use the device as part of a botnet. Due to the public availability of the exploit, widespread exploitation is possible.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply network intrusion detection system (NIDS) rules to detect and block malicious HTTP requests targeting \u003ccode\u003e/apply.cgi\u003c/code\u003e with excessively long \u003ccode\u003eChannel/ApCliSsid\u003c/code\u003e values.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect-LBT-T300-HW1-applycgi-buffer-overflow\u003c/code\u003e to your SIEM and tune for your environment to identify exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u003ccode\u003e/apply.cgi\u003c/code\u003e and analyze the length of the \u003ccode\u003eChannel/ApCliSsid\u003c/code\u003e parameter.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-03T03:16:15Z","date_published":"2026-05-03T03:16:15Z","id":"/briefs/2026-05-lbt-t300-hw1-buffer-overflow/","summary":"A buffer overflow vulnerability exists in Shenzhen Libituo Technology LBT-T300-HW1 version 1.2.8 and earlier, allowing remote attackers to execute arbitrary code by manipulating the Channel/ApCliSsid argument in the start_lan function of the /apply.cgi file.","title":"Shenzhen Libituo Technology LBT-T300-HW1 Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-lbt-t300-hw1-buffer-overflow/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7674"}],"_cs_exploited":false,"_cs_products":["LBT-T300-HW1 (\u003c= 1.2.8)"],"_cs_severities":["critical"],"_cs_tags":["buffer-overflow","web-management-interface","cve-2026-7674"],"_cs_type":"threat","_cs_vendors":["Shenzhen Libituo Technology"],"content_html":"\u003cp\u003eA buffer overflow vulnerability, identified as CVE-2026-7674, affects Shenzhen Libituo Technology LBT-T300-HW1 devices up to version 1.2.8. The vulnerability resides within the Web Management Interface, specifically in the \u003ccode\u003estart_single_service\u003c/code\u003e function. By sending a crafted request to the device and manipulating the \u003ccode\u003evpn_pptp_server\u003c/code\u003e or \u003ccode\u003evpn_l2tp_server\u003c/code\u003e arguments, an attacker can trigger a buffer overflow, potentially leading to arbitrary code execution. This vulnerability can be exploited remotely, making it a significant threat to affected devices. The vendor was notified but did not respond, increasing the risk of exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable LBT-T300-HW1 device with version 1.2.8 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the Web Management Interface.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes a payload designed to overflow the buffer when processing the \u003ccode\u003evpn_pptp_server\u003c/code\u003e or \u003ccode\u003evpn_l2tp_server\u003c/code\u003e arguments.\u003c/li\u003e\n\u003cli\u003eThe crafted request is sent to the \u003ccode\u003estart_single_service\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003estart_single_service\u003c/code\u003e function attempts to process the overly long input without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow overwrites adjacent memory regions, including potentially executable code or critical data structures.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the device by redirecting execution flow to attacker-controlled code injected into the buffer.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary code on the device, potentially gaining persistent access or causing denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on the affected LBT-T300-HW1 device. This could lead to complete system compromise, including data theft, modification of device settings, or use of the device as a bot in a larger attack. Given the lack of vendor response, many devices could be vulnerable if exposed to the internet.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious VPN Server Configuration via Web Interface\u003c/code\u003e to detect potential exploitation attempts targeting the vulnerable \u003ccode\u003estart_single_service\u003c/code\u003e function in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusually long strings passed as values for \u003ccode\u003evpn_pptp_server\u003c/code\u003e and \u003ccode\u003evpn_l2tp_server\u003c/code\u003e parameters in HTTP requests to the device\u0026rsquo;s web interface.\u003c/li\u003e\n\u003cli\u003eApply any available patches or firmware updates released by Shenzhen Libituo Technology to address CVE-2026-7674.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-03T02:17:12Z","date_published":"2026-05-03T02:17:12Z","id":"/briefs/2026-05-lbt-t300-hw1-bo/","summary":"A buffer overflow vulnerability (CVE-2026-7674) exists in the Web Management Interface of Shenzhen Libituo Technology LBT-T300-HW1 devices, allowing remote attackers to execute arbitrary code by manipulating the vpn_pptp_server or vpn_l2tp_server arguments in the start_single_service function.","title":"Shenzhen Libituo Technology LBT-T300-HW1 Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-lbt-t300-hw1-bo/"}],"language":"en","title":"CraftedSignal Threat Feed — Shenzhen Libituo Technology","version":"https://jsonfeed.org/version/1.1"}