<0.1% probability · 15.0th percentile — 2026-05-12
Affected versions
Shenzhen Libituo LBT-T300-HW1 firmware up to 1.2.8
Summary
A buffer overflow in the web management interface of Libituo LBT-T300-HW1 connected devices is triggered by manipulating the vpn_pptp_server or vpn_l2tp_server arguments in requests to that interface. A remote attacker can exploit this issue to achieve remote code execution or crash the affected device. No vendor response was received after coordinated disclosure.
Remediation
Limit access to the device's web management interface to only authorized internal users. Monitor network traffic for unexpected activity originating from affected devices. Install any official firmware updates once released by the vendor, or replace unsupported devices.
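One way to act on the access-restriction and monitoring advice above, as an added example that is not part of the original advisory or any vendor code: a Python check over request records from a proxy or capture placed in front of the management interface. The record format, the management subnet, the length limit and the /PLACEHOLDER_ENDPOINT path are assumptions; only the two parameter names come from the advisory.

```python
import ipaddress
from urllib.parse import parse_qsl, urlsplit

WATCHED_PARAMS = ("vpn_pptp_server", "vpn_l2tp_server")  # named in the advisory

# Assumptions, not from the advisory: the subnet allowed to reach the web
# management interface, and a length bound for a server-address field
# (253 is the maximum length of a DNS name).
ALLOWED_MGMT_NET = ipaddress.ip_network("192.168.10.0/24")
MAX_VALUE_LEN = 253

# Constructed sample records: "<src_ip> <method> <url> <form body or ->".
# /PLACEHOLDER_ENDPOINT stands in for the path, which the advisory does not give.
SAMPLE_LOG = [
    "192.168.10.5 POST /PLACEHOLDER_ENDPOINT vpn_pptp_server=vpn.example.net",
    "203.0.113.7 GET /PLACEHOLDER_ENDPOINT?page=status -",
    "192.168.10.9 POST /PLACEHOLDER_ENDPOINT vpn_l2tp_server=" + "x" * 600,
    "192.168.10.9 POST /PLACEHOLDER_ENDPOINT vpn_pptp_server=host%00%ff",
    "truncated-record",
]


def review_line(line):
    """Return the list of findings for one log record (empty if clean)."""
    try:
        src, _method, url, body = line.split(" ", 3)
        src_ip = ipaddress.ip_address(src)
    except ValueError:
        return ["unparseable record"]
    findings = []
    if src_ip not in ALLOWED_MGMT_NET:
        findings.append(f"source {src} is outside the management subnet")
    # Collect parameters from both the query string and the form body.
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if body != "-":
        pairs += parse_qsl(body, keep_blank_values=True)
    for name, value in pairs:
        if name not in WATCHED_PARAMS:
            continue
        if len(value) > MAX_VALUE_LEN:
            findings.append(f"{name} is {len(value)} chars (limit {MAX_VALUE_LEN})")
        if any(not 0x20 <= ord(ch) <= 0x7E for ch in value):
            findings.append(f"{name} contains non-printable or non-ASCII characters")
    return findings


def audit(lines):
    """Map record index to findings, keeping only records that need review."""
    return {i: f for i, line in enumerate(lines) if (f := review_line(line))}
```

Calling `audit(SAMPLE_LOG)` returns findings for every constructed record except the first, which is a well-formed request from inside the management subnet.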