CVE-2026-7674
published 2026-05-03CVE-2026-7674: A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web…
PriorityP263high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.48%
37.9th percentile
A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| shenzhen_libituo_technology | lbt-t300-hw1 | — | — |
| shenzhen_libituo_technology | lbt-t300-hw1 | — | — |
| shenzhen_libituo_technology | lbt-t300-hw1 | — | — |
| shenzhen_libituo_technology | lbt-t300-hw1 | — | — |
| shenzhen_libituo_technology | lbt-t300-hw1 | — | — |
| shenzhen_libituo_technology | lbt-t300-hw1 | — | — |
| shenzhen_libituo_technology | lbt-t300-hw1 | — | — |
| shenzhen_libituo_technology | lbt-t300-hw1 | — | — |
| shenzhen_libituo_technology | lbt-t300-hw1 | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jw73-3w4r-mp3q: A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1
ghsa_unreviewed·2026-05-03
CVE-2026-7674 [HIGH] CWE-119 GHSA-jw73-3w4r-mp3q: A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1
A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
VulDB
Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8 Web Management Interface start_single_service vpn_pptp_server/vpn_l2tp_server buffer overflow
vuldb·2026-05-02
CVE-2026-7674 [CRITICAL] Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8 Web Management Interface start_single_service vpn_pptp_server/vpn_l2tp_server buffer overflow
A vulnerability was found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8 and classified as critical. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow.
This vulnerability is handled as CVE-2026-7674. The attack can be executed remotely. There is not any exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-03
Published