Search criteria
4 vulnerabilities found for LBT-T300-T310 by Shenzhen Libituo Technology
CVE-2025-8019 (GCVE-0-2025-8019)
Vulnerability from cvelistv5 – Published: 2025-07-22 15:32 – Updated: 2025-07-23 15:02
VLAI?
Title
Shenzhen Libituo Technology LBT-T300-T310 appy.cgi sub_40B6F0 buffer overflow
Summary
A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi. The manipulation of the argument wan_proto leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Shenzhen Libituo Technology | LBT-T300-T310 |
Affected:
2.2.3.6
|
Credits
wuee (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8019",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T15:02:30.229445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T15:02:32.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/turing-wue/IoT-vul/blob/main/LBT-T300/README.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/turing-wue/IoT-vul/blob/main/LBT-T300/README.md#payload"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LBT-T300-T310",
"vendor": "Shenzhen Libituo Technology",
"versions": [
{
"status": "affected",
"version": "2.2.3.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wuee (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi. The manipulation of the argument wan_proto leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6 ausgemacht. Dies betrifft die Funktion sub_40B6F0 der Datei at/appy.cgi. Durch Manipulation des Arguments wan_proto mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T15:32:05.676Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317222 | Shenzhen Libituo Technology LBT-T300-T310 appy.cgi sub_40B6F0 buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317222"
},
{
"name": "VDB-317222 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317222"
},
{
"name": "Submit #619530 | Shenzhen Rio Tinto Technology Co., Ltd. LBT-T300-T310 v2.2.3.6 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.619530"
},
{
"tags": [
"related"
],
"url": "https://github.com/turing-wue/IoT-vul/blob/main/LBT-T300/README.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/turing-wue/IoT-vul/blob/main/LBT-T300/README.md#payload"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-22T09:25:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "Shenzhen Libituo Technology LBT-T300-T310 appy.cgi sub_40B6F0 buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8019",
"datePublished": "2025-07-22T15:32:05.676Z",
"dateReserved": "2025-07-22T07:20:31.264Z",
"dateUpdated": "2025-07-23T15:02:32.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7077 (GCVE-0-2025-7077)
Vulnerability from cvelistv5 – Published: 2025-07-06 06:32 – Updated: 2025-07-07 16:22
VLAI?
Title
Shenzhen Libituo Technology LBT-T300-T310 appy.cgi config_3g_para buffer overflow
Summary
A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. The manipulation of the argument username_3g/password_3g leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Shenzhen Libituo Technology | LBT-T300-T310 |
Affected:
2.2.3.0
Affected: 2.2.3.1 Affected: 2.2.3.2 Affected: 2.2.3.3 Affected: 2.2.3.4 Affected: 2.2.3.5 Affected: 2.2.3.6 |
Credits
FLY200503 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7077",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T16:22:03.747142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T16:22:06.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/FLY200503/IoT-vul/tree/master/LBT-T300"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LBT-T300-T310",
"vendor": "Shenzhen Libituo Technology",
"versions": [
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.3.1"
},
{
"status": "affected",
"version": "2.2.3.2"
},
{
"status": "affected",
"version": "2.2.3.3"
},
{
"status": "affected",
"version": "2.2.3.4"
},
{
"status": "affected",
"version": "2.2.3.5"
},
{
"status": "affected",
"version": "2.2.3.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "FLY200503 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. The manipulation of the argument username_3g/password_3g leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Shenzhen Libituo Technology LBT-T300-T310 bis 2.2.3.6 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion config_3g_para der Datei /appy.cgi. Mittels Manipulieren des Arguments username_3g/password_3g mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-06T06:32:05.492Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-314991 | Shenzhen Libituo Technology LBT-T300-T310 appy.cgi config_3g_para buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.314991"
},
{
"name": "VDB-314991 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.314991"
},
{
"name": "Submit #603012 | LinBle LBT-T300-T310 v2.2.3.6 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.603012"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/FLY200503/IoT-vul/tree/master/LBT-T300"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-05T14:30:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "Shenzhen Libituo Technology LBT-T300-T310 appy.cgi config_3g_para buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7077",
"datePublished": "2025-07-06T06:32:05.492Z",
"dateReserved": "2025-07-05T12:24:52.381Z",
"dateUpdated": "2025-07-07T16:22:06.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8019 (GCVE-0-2025-8019)
Vulnerability from nvd – Published: 2025-07-22 15:32 – Updated: 2025-07-23 15:02
VLAI?
Title
Shenzhen Libituo Technology LBT-T300-T310 appy.cgi sub_40B6F0 buffer overflow
Summary
A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi. The manipulation of the argument wan_proto leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Shenzhen Libituo Technology | LBT-T300-T310 |
Affected:
2.2.3.6
|
Credits
wuee (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8019",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T15:02:30.229445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T15:02:32.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/turing-wue/IoT-vul/blob/main/LBT-T300/README.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/turing-wue/IoT-vul/blob/main/LBT-T300/README.md#payload"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LBT-T300-T310",
"vendor": "Shenzhen Libituo Technology",
"versions": [
{
"status": "affected",
"version": "2.2.3.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wuee (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi. The manipulation of the argument wan_proto leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6 ausgemacht. Dies betrifft die Funktion sub_40B6F0 der Datei at/appy.cgi. Durch Manipulation des Arguments wan_proto mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T15:32:05.676Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317222 | Shenzhen Libituo Technology LBT-T300-T310 appy.cgi sub_40B6F0 buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317222"
},
{
"name": "VDB-317222 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317222"
},
{
"name": "Submit #619530 | Shenzhen Rio Tinto Technology Co., Ltd. LBT-T300-T310 v2.2.3.6 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.619530"
},
{
"tags": [
"related"
],
"url": "https://github.com/turing-wue/IoT-vul/blob/main/LBT-T300/README.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/turing-wue/IoT-vul/blob/main/LBT-T300/README.md#payload"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-22T09:25:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "Shenzhen Libituo Technology LBT-T300-T310 appy.cgi sub_40B6F0 buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8019",
"datePublished": "2025-07-22T15:32:05.676Z",
"dateReserved": "2025-07-22T07:20:31.264Z",
"dateUpdated": "2025-07-23T15:02:32.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7077 (GCVE-0-2025-7077)
Vulnerability from nvd – Published: 2025-07-06 06:32 – Updated: 2025-07-07 16:22
VLAI?
Title
Shenzhen Libituo Technology LBT-T300-T310 appy.cgi config_3g_para buffer overflow
Summary
A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. The manipulation of the argument username_3g/password_3g leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Shenzhen Libituo Technology | LBT-T300-T310 |
Affected:
2.2.3.0
Affected: 2.2.3.1 Affected: 2.2.3.2 Affected: 2.2.3.3 Affected: 2.2.3.4 Affected: 2.2.3.5 Affected: 2.2.3.6 |
Credits
FLY200503 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7077",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T16:22:03.747142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T16:22:06.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/FLY200503/IoT-vul/tree/master/LBT-T300"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LBT-T300-T310",
"vendor": "Shenzhen Libituo Technology",
"versions": [
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.3.1"
},
{
"status": "affected",
"version": "2.2.3.2"
},
{
"status": "affected",
"version": "2.2.3.3"
},
{
"status": "affected",
"version": "2.2.3.4"
},
{
"status": "affected",
"version": "2.2.3.5"
},
{
"status": "affected",
"version": "2.2.3.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "FLY200503 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. The manipulation of the argument username_3g/password_3g leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Shenzhen Libituo Technology LBT-T300-T310 bis 2.2.3.6 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion config_3g_para der Datei /appy.cgi. Mittels Manipulieren des Arguments username_3g/password_3g mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-06T06:32:05.492Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-314991 | Shenzhen Libituo Technology LBT-T300-T310 appy.cgi config_3g_para buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.314991"
},
{
"name": "VDB-314991 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.314991"
},
{
"name": "Submit #603012 | LinBle LBT-T300-T310 v2.2.3.6 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.603012"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/FLY200503/IoT-vul/tree/master/LBT-T300"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-05T14:30:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "Shenzhen Libituo Technology LBT-T300-T310 appy.cgi config_3g_para buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7077",
"datePublished": "2025-07-06T06:32:05.492Z",
"dateReserved": "2025-07-05T12:24:52.381Z",
"dateUpdated": "2025-07-07T16:22:06.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}