CVE-2024-27567 in T300-T390info

Summary

by MITRE • 03/01/2024

LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 04/30/2025

The vulnerability identified as CVE-2024-27567 affects LBT T300- T390 devices running firmware version v2.2.1.8, representing a critical stack overflow condition that resides within the vpn_client_ip parameter processing of the config_vpn_pptp function. This flaw constitutes a software security weakness that can be exploited through a specifically crafted POST request to the affected device's web interface or API endpoints. The stack overflow occurs when the system fails to properly validate or sanitize input data passed through the vpn_client_ip parameter, allowing malicious actors to manipulate memory allocation patterns and potentially execute arbitrary code or cause system instability.

The technical implementation of this vulnerability stems from inadequate input validation mechanisms within the device's configuration management subsystem, specifically in how it handles PPTP VPN client IP address specifications. When a POST request containing an excessively long or malformed vpn_client_ip parameter is submitted to the config_vpn_pptp function, the device's stack-based buffer management fails to properly handle the overflow condition, leading to memory corruption. This type of vulnerability is classified under CWE-121 Stack-based Buffer Overflow, which represents a well-known and dangerous class of memory corruption vulnerabilities that can be leveraged for various attack vectors including privilege escalation, code execution, or system compromise.

From an operational perspective, this vulnerability presents significant risk to network infrastructure security as it enables remote attackers to trigger a Denial of Service condition without requiring authentication credentials. The attack surface is particularly concerning because it operates through standard web protocols and does not require specialized tools or privileged access. Network administrators and security teams must recognize that successful exploitation could result in complete service disruption for VPN connectivity, potentially affecting remote access capabilities for legitimate users and creating potential entry points for more sophisticated attacks. The vulnerability's impact extends beyond simple service interruption as it represents a foundational security weakness that could be chained with other exploits to achieve broader system compromise.

The mitigation strategies for CVE-2024-27567 should prioritize immediate firmware updates from the vendor to address the underlying buffer overflow condition in the config_vpn_pptp function. Network segmentation and access control measures should be implemented to restrict direct access to affected devices from untrusted networks, while monitoring systems should be deployed to detect anomalous POST request patterns targeting the vulnerable parameter. Security teams should also consider implementing network-based intrusion detection rules that can identify and block malicious requests containing overly long vpn_client_ip parameters or other indicators of exploitation attempts. Additionally, the principle of least privilege should be enforced by limiting access to VPN configuration functions to authorized personnel only, and regular security assessments should be conducted to identify similar input validation weaknesses in other device components that may be susceptible to similar attack vectors.

Organizations should also consider the broader implications of this vulnerability within the context of the ATT&CK framework, particularly under the T1210 Exploitation of Remote Services and T1499 Endpoint Termination categories, as this vulnerability enables attackers to disrupt network services and potentially gain unauthorized access to critical infrastructure. The vulnerability demonstrates the importance of input validation and secure coding practices, aligning with security standards such as the OWASP Top Ten and NIST Cybersecurity Framework, which emphasize the need for robust validation mechanisms and proper memory management in network device software development.

Reservation

02/26/2024

Disclosure

03/01/2024

Moderation

accepted

CPE

ready

EPSS

0.00592

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!