Stack Overflow Vulnerability in LBT-T300-T400 by Shenzhen Libituo Technology Co., Ltd
CVE-2024-40535

9.8CRITICAL

Key Information:

Vendor: Shenzhen Libituo Technology Co., Ltd
Status: LBT-T300-T400
Vendor: CVE Published:; 16 July 2024

🔔 Create Shenzhen Libituo Technology Co., Ltd Vulnerability Alert

What is CVE-2024-40535?

The LBT-T300-T400 device from Shenzhen Libituo Technology Co., Ltd has been identified as vulnerable to a stack overflow exploit due to improper handling of the apn_name_3g parameter within the config_3g_para function. This vulnerability could allow an attacker to manipulate the stack memory, potentially leading to execution of arbitrary code or causing the device to crash, posing significant security risks.

References

https://github.com/tt01bolt/vul/blob/main/LBT-T300-T400_B...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2024

CVE-2024-40535 Data

JSON