Submit #800709: Libtor Technology <=V1.2.8 Buffer Overflowinfo

TitelLibtor Technology <=V1.2.8 Buffer Overflow
BeschreibungAn unvalidated, attacker-controlled ApCliSsid value submitted via the device’s web management interface is retrieved using the nvram_get function and directly copied into a stack buffer within the generate_conf_router function without adequate length validation or bounds checking. This unsafe memory copy operation triggers a stack-based buffer overflow vulnerability, which can be exploited by a remote attacker to achieve arbitrary remote code execution with elevated privileges on the affected device.
Quelle⚠️ https://github.com/hmKunlun/lbt-t300-hw1/blob/main/generate_conf_router(ApCliSsid).md
Benutzer
 kunlun (UID 95866)
Einreichung09.04.2026 04:42 (vor 2 Monaten)
Moderieren02.05.2026 10:31 (23 days later)
StatusDuplikat
VulDB Eintrag360828 [Shenzhen Libituo Technology LBT-T300-HW1 bis 1.2.8 /apply.cgi start_lan Channel/ApCliSsid Pufferüberlauf]
Punkte0

ZurückÜbersichtWeiter

Want to know what is going to be exploited?

We predict KEV entries!