Vulnerabilities > CVE-2024-27570 - Out-of-bounds Write vulnerability in Libtor Lbt-T300 Firmware and Lbt-T390 Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

libtor

CWE-787

NVD

Published: 2024-03-01

Updated: 2025-03-14

Summary

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Vulnerable Configurations

Part	Description	Count
OS	Libtor Libtor LBT T300 Firmware 2.2.1.8 Libtor LBT T390 Firmware 2.2.1.8	2
Hardware	Libtor Libtor LBT T300 * Libtor LBT T390 *	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/generate_conf_router.md
https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/generate_conf_router.md