38 matches found
CVE-2026-7674
A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function startsingleservice of the component Web Management Interface. Executing a manipulation of the argument vpnpptpserver/vpnl2tpserver can lead to buffer overflow. The attack can be executed...
CVE-2026-7675
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function startlan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...
CVE-2026-7675
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function startlan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...
EUVD-2026-26809
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function startlan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...
CVE-2026-7675 Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function startlan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...
CVE-2026-7675 Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function startlan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...
CVE-2026-7675
CVE-2026-7675 affects Shenzhen Libituo Technology LBT-T300-HW1 devices older than or equal to 1.2.8. The vulnerability is in the function start_lan of the file /apply.cgi , where manipulation of the argument Channel/ApCliSsid leads to a buffer overflow . The issue is exploitable remotely, and pub...
CVE-2026-7674
A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function startsingleservice of the component Web Management Interface. Executing a manipulation of the argument vpnpptpserver/vpnl2tpserver can lead to buffer overflow. The attack can be executed...
CVE-2026-7674 Shenzhen Libituo Technology LBT-T300-HW1 Web Management start_single_service buffer overflow
A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function startsingleservice of the component Web Management Interface. Executing a manipulation of the argument vpnpptpserver/vpnl2tpserver can lead to buffer overflow. The attack can be executed...
CVE-2026-7674
Affects Shenzhen Libituo Technology LBT-T300-HW1 (firmware up to 1.2.8). The Web Management Interface’s start_single_service function is vulnerable when handling vpn_pptp_server/vpn_l2tp_server arguments, enabling a remote buffer overflow. No remediation or patch details are provided in the docum...
PT-2026-36676
Name of the Vulnerable Software and Affected Versions Shenzhen Libituo Technology LBT-T300-HW1 versions prior to 1.2.8 Description A remote buffer overflow can occur due to the manipulation of the Channel/ApCliSsid argument in the start lan function within the '/apply.cgi' endpoint. A buffer...
PT-2026-36673
Name of the Vulnerable Software and Affected Versions Shenzhen Libituo Technology LBT-T300-HW1 versions prior to 1.2.8 Description A buffer overflow exists in the Web Management Interface component. A remote attacker can trigger this issue by manipulating the vpn pptp server or vpn l2tp server...
MB connect line mbNET 安全漏洞
MB Connect Line mbNET is an industrial router from MB Connect Line, Germany. A security vulnerability exists in MB connect line mbNET HW1 and mbNET/mbNET.rokey, which stems from an undocumented method of bypassing the LUA sandbox and could lead to the execution of arbitrary OS commands...
CVE-2023-34356
An OS command injection vulnerability exists in the data.cgi xferdns functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2023-34354
A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to...
CVE-2023-34356
An OS command injection vulnerability exists in the data.cgi xferdns functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2023-35194
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerabilit...
CVE-2023-34354
A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to...
Command injection
An OS command injection vulnerability exists in the admin.cgi MVPNtrialinit functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Command injection
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerabilit...