Buffer Overflow Vulnerability in LBT-T300-mini by Shenzhen Libituo Technology
CVE-2024-29244

5.3MEDIUM

Key Information:

Vendor: Shenzhen Libituo Technology Co., Ltd
Status: LBT-T300-mini
Vendor: CVE Published:; 21 March 2024

🔔 Create Shenzhen Libituo Technology Co., Ltd Vulnerability Alert

What is CVE-2024-29244?

A buffer overflow vulnerability has been identified in the LBT-T300-mini v1.2.9, which allows attackers to exploit the parameter pin_code_3g at /apply.cgi. This flaw could facilitate unauthorized actions and potentially impact the security of the device. It is essential for users to apply firmware updates or implement mitigations promptly to safeguard their systems.

References

https://github.com/AdamRitz/lbtvul/blob/main/t300mini-2.md

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 21, 2024
Vulnerability Reserved
Mar 19, 2024

CVE-2024-29244 Data

JSON