Cyber Resilience

CVE-2026-7675

High

Published: 03 May 2026

Published
03 May 2026
Modified
04 May 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0070 48.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-7675 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-7675 is a buffer overflow vulnerability affecting Shenzhen Libituo Technology's LBT-T300-HW1 device firmware versions up to 1.2.8. The issue resides in the start_lan function within the /apply.cgi file, where manipulation of the Channel/ApCliSsid argument triggers the overflow. Classified under CWE-119 and CWE-120, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

A remote attacker with low privileges, such as an authenticated user, can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows high levels of impact on confidentiality, integrity, and availability, likely enabling arbitrary code execution or system compromise through the buffer overflow.

No patches or official mitigations are available, as the vendor was contacted early regarding the disclosure but provided no response. An exploit has been publicly disclosed, including details on GitHub, increasing the risk of active exploitation. Security practitioners should isolate affected devices, restrict access to /apply.cgi, and monitor for anomalous activity, as referenced in VulDB entries.

EU & UK References

Vulnerability details

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out…

more

remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in network-accessible /apply.cgi web interface of device firmware enables remote authenticated attackers to achieve arbitrary code execution/system compromise, directly mapping to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-6630Shared CWE-119, CWE-120
CVE-2026-7055Shared CWE-119, CWE-120
CVE-2026-1162Shared CWE-119, CWE-120
CVE-2025-12232Shared CWE-119, CWE-120
CVE-2025-15459Shared CWE-119, CWE-120
CVE-2025-7463Shared CWE-119, CWE-120
CVE-2026-2202Shared CWE-119, CWE-120
CVE-2026-5980Shared CWE-119, CWE-120
CVE-2026-7857Shared CWE-119, CWE-120
CVE-2026-7057Shared CWE-119, CWE-120

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates user-supplied inputs like the Channel/ApCliSsid argument in /apply.cgi to prevent buffer overflow exploitation.

prevent

Implements memory protections such as stack canaries, ASLR, and DEP to thwart buffer overflow attacks even if invalid inputs reach the start_lan function.

prevent

Enforces least privilege to restrict low-privilege authenticated users from accessing the vulnerable /apply.cgi endpoint and triggering the buffer overflow.

References