<0.1% probability · 15.0th percentile — 2026-05-12
Affected versions
Shenzhen Libituo LBT-T300-HW1 firmware up to 1.2.8
Summary
This is a remotely exploitable buffer overflow in the start_lan function of the /apply.cgi endpoint on Libituo LBT-T300-HW1 connected networking devices. A remote attacker can trigger the flaw by sending a malicious request with an overlong Channel or ApCliSsid argument. Successful exploitation can result in remote code execution or a full device crash. The vendor did not respond to coordinated disclosure of the vulnerability.
Remediation
Restrict access to the device's web management interface to trusted IP addresses and internal networks only. If no patch is available, isolate affected devices from the public internet. For long-term production or network use, replace unsupported devices.
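To monitor these mitigations, the following added example (not code from the advisory or the vendor) triages proxy or IDS records for requests to /apply.cgi that carry an overlong Channel or ApCliSsid value or that come from outside the trusted management range. The record layout, the form-encoded parameter format, the trusted network and the length limits (32 bytes for an SSID, 3 digits for a channel) are assumptions.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/apply.cgi"
# Assumed limits, not from the advisory: an 802.11 SSID is at most 32 bytes
# and a Wi-Fi channel number has at most 3 digits.
LIMITS = {"ApCliSsid": 32, "Channel": 3}
# Assumed management network; replace with your own trusted ranges.
TRUSTED = [ipaddress.ip_network("192.168.10.0/24")]


def overlong_params(method, target, body=""):
    """Return (name, byte_length) for each parameter above its limit."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return []
    hits = []
    # Parameters can arrive in the query string or a form-encoded POST body.
    for raw in (parts.query, body if method.upper() == "POST" else ""):
        fields = parse_qs(raw, keep_blank_values=True)
        for name, limit in LIMITS.items():
            for value in fields.get(name, []):
                size = len(value.encode("utf-8"))
                if size > limit:
                    hits.append((name, size))
    return hits


def triage(record):
    """Classify one record as 'ok', 'untrusted-source' or 'overlong'."""
    if urlsplit(record["target"]).path != ENDPOINT:
        return "ok"
    if overlong_params(record["method"], record["target"], record.get("body", "")):
        return "overlong"
    src = ipaddress.ip_address(record["src"])
    if not any(src in net for net in TRUSTED):
        return "untrusted-source"
    return "ok"


# Constructed sample records, not real traffic.
SAMPLES = [
    {"src": "192.168.10.5", "method": "POST", "target": "/apply.cgi",
     "body": "Channel=6&ApCliSsid=office-uplink"},
    {"src": "192.168.10.5", "method": "POST", "target": "/apply.cgi",
     "body": "Channel=6&ApCliSsid=" + "A" * 200},
    {"src": "203.0.113.9", "method": "GET", "target": "/apply.cgi?Channel=11"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["src"], triage(rec))
```

An "untrusted-source" result means the access restriction is not in effect for that path and should be investigated even when the parameters look normal.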
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.