CVE-2024-27572 in T300-T390info

Summary

by MITRE • 03/01/2024

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 04/30/2025

The vulnerability identified as CVE-2024-27572 affects LBT T300-T390 devices running firmware version 2.2.1.8, representing a critical stack overflow condition that manifests through the ApCliSsid parameter within the updateCurAPlist function. This flaw resides in the wireless access point's firmware implementation and demonstrates a classic buffer overflow vulnerability that can be exploited through improper input validation mechanisms. The affected device operates within enterprise and industrial networking environments where wireless connectivity is essential for operational continuity. The vulnerability specifically targets the device's ability to process wireless access point lists through the ApCliSsid parameter, which serves as a critical interface for managing wireless client connections and network topology information.

The technical exploitation of this vulnerability occurs when an attacker crafts a malicious POST request containing an oversized ApCliSsid parameter value that exceeds the allocated stack buffer space. This condition triggers a stack overflow that disrupts the normal execution flow of the updateCurAPlist function, causing the device to crash or become unresponsive. The stack overflow represents a CWE-121 vulnerability classification, specifically categorized as a stack-based buffer overflow where insufficient bounds checking allows memory corruption in the program's stack memory region. The attack vector is particularly concerning as it requires only a single crafted HTTP POST request to achieve the denial of service condition, making it highly accessible to attackers with basic network reconnaissance capabilities.

The operational impact of this vulnerability extends beyond simple service disruption, potentially affecting mission-critical network infrastructure that relies on these access points for connectivity. When exploited successfully, the denial of service condition can render the affected wireless access point completely inoperable, disrupting network services and potentially causing cascading failures in larger network deployments. The vulnerability affects devices that may be deployed in sensitive environments such as industrial control systems, healthcare facilities, or corporate networks where uninterrupted wireless connectivity is essential for operations. The DoS condition can persist until manual device reboot or firmware update is performed, creating potential downtime that may last from minutes to hours depending on operational procedures and network redundancy measures.

Mitigation strategies for this vulnerability should prioritize immediate firmware updates from the vendor to address the underlying buffer overflow condition in the updateCurAPlist function. Network administrators should implement network segmentation and access controls to limit exposure of these devices to untrusted networks and reduce the attack surface available to potential attackers. The implementation of input validation controls and parameter sanitization within the device's web interface can provide additional defense-in-depth measures, though these are secondary to the primary firmware update solution. Organizations should also consider implementing intrusion detection systems to monitor for suspicious POST request patterns that may indicate exploitation attempts. From an ATT&CK framework perspective, this vulnerability maps to T1499.004 (Authorization Script Injection) and T1566.001 (Phishing via Service) as attackers may use this vulnerability as part of broader attack chains to gain persistent access to network resources. The vulnerability also aligns with CWE-787 (Out-of-bounds Write) and CWE-129 (Improper Validation of Array Index) classifications, highlighting the need for comprehensive input validation and bounds checking in firmware implementations.

Reservation

02/26/2024

Disclosure

03/01/2024

Moderation

accepted

CPE

ready

EPSS

0.00718

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!