CVE-2026-7675: Shenzhen Libituo LBT-T300-HW1 Buffer Overflow Exposed

A critical buffer overflow vulnerability, identified as CVE-2026-7675, has been discovered in Shenzhen Libituo Technology’s LBT-T300-HW1 devices, affecting versions up to 1.2.8. The National Vulnerability Database (NVD) reports that the flaw stems from improper handling of the Channel/ApCliSsid argument within the start_lan function of the /apply.cgi file. The flaw is remotely exploitable: an attacker does not need local access to trigger it.

The CVSSv3.1 score for CVE-2026-7675 is a high 8.8, reflecting its severe impact: complete compromise of confidentiality, integrity, and availability (C:H/I:H/A:H) with low attack complexity and no user interaction required (AC:L/UI:N). The NVD notes the exploit details are publicly disclosed, increasing the immediate risk. Shenzhen Libituo Technology was reportedly contacted but has not responded, leaving devices unpatched and vulnerable.

This isn’t theoretical; the public disclosure means active exploitation is a real threat. Organizations using these devices face a direct path to network compromise. Attackers will leverage this to gain initial access, pivot deeper into networks, or simply disrupt operations. With no vendor response, defenders are on their own to mitigate this risk, and they need to do it fast.

What This Means For You

  • If your organization uses Shenzhen Libituo Technology LBT-T300-HW1 devices, you are directly exposed to CVE-2026-7675. Given the public exploit and lack of vendor patch, immediate action is required. Isolate these devices from critical networks, or better yet, replace them. Audit network logs for any unusual activity originating from or targeting these devices.

🛡️ Detection Rules

title: CVE-2026-7675: LBT-T300-HW1 start_lan Buffer Overflow Attempt
id: scw-2026-05-03-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-7675 by targeting the start_lan function in /apply.cgi on Shenzhen Libituo LBT-T300-HW1 devices. The exploit involves manipulating the 'Channel' and 'ApCliSsid' parameters to trigger a buffer overflow, allowing for remote code execution.
author: SCW Feed Engine (AI-generated)
date: 2026-05-03
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7675/
tags:
  - attack.initial_access
  - attack.t1190
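logsource:
  category: webserver
detection:
  # Fields inside a selection are ANDed; values inside a list are ORed,
  # so either 'Channel=' or 'ApCliSsid=' in the query string is enough.
  # Parameters sent only in a POST body do not appear in cs-uri-query.
  selection:
    cs-uri|contains:
      - '/apply.cgi'
    cs-uri-query|contains:
      - 'Channel='
      - 'ApCliSsid='
    cs-method|contains:
      - 'POST'
  condition: selection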
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World
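
The rule above matches every POST to /apply.cgi that carries either parameter, so routine administration will also fire it. The following triage script is an added example (not part of the original rule or of Shimi's Cyber World's tooling) that narrows such hits to requests whose values are implausible for the field. It assumes combined-format access logs with the parameters in the query string; the 32-byte SSID limit comes from 802.11, and treating Channel as a 1 to 3 digit number is an assumption about this device.

```python
import re
from urllib.parse import urlsplit, parse_qs

MAX_SSID_BYTES = 32                      # 802.11 SSID length limit
CHANNEL_RE = re.compile(r"\d{1,3}")      # assumption: channel is a short number
# client address, then the quoted request field: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+"')

def triage(line):
    """Return (client, reasons) for a suspicious /apply.cgi request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, method, target = m.groups()
    url = urlsplit(target)
    if method != "POST" or not url.path.endswith("/apply.cgi"):
        return None
    # latin-1 maps each percent-decoded byte to one character, so len() is a byte count
    params = parse_qs(url.query, keep_blank_values=True, encoding="latin-1")
    reasons = []
    for value in params.get("ApCliSsid", []):
        if len(value) > MAX_SSID_BYTES:
            reasons.append(f"ApCliSsid is {len(value)} bytes (limit {MAX_SSID_BYTES})")
    for value in params.get("Channel", []):
        if not CHANNEL_RE.fullmatch(value):
            reasons.append(f"Channel is not a short number ({len(value)} chars)")
    return (client, reasons) if reasons else None

def scan(lines):
    """Triage every log line and keep only the suspicious ones."""
    return [hit for hit in map(triage, lines) if hit]

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/May/2026:06:20:01 +0000] '
    '"POST /apply.cgi?Channel=6&ApCliSsid=office-uplink HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/May/2026:06:21:44 +0000] '
    '"POST /apply.cgi?Channel=6&ApCliSsid=' + "x" * 300 + ' HTTP/1.1" 500 0',
    '192.0.2.10 - - [03/May/2026:06:22:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE_LOG):
        print(client, "; ".join(reasons))
```

If the device's requests carry these parameters in the POST body, the same checks have to run where the body is visible, such as a reverse proxy or WAF in front of the management interface.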


Indicators of Compromise

ID | Type | Indicator
CVE-2026-7675 | Buffer Overflow | Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8
CVE-2026-7675 | Buffer Overflow | Vulnerable function: start_lan in /apply.cgi
CVE-2026-7675 | Buffer Overflow | Vulnerable argument: Channel/ApCliSsid

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 03, 2026 at 06:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
