Shenzhen Libituo Technology LBT-T300-HW1 Buffer Overflow Vulnerability in Web Management Interface VPN Server Function
Vulnerability
A buffer overflow vulnerability has been identified in the Shenzhen Libituo Technology LBT-T300-HW1 model, affecting versions through 1.2.8. The issue arises in the Web Management Interface, specifically within the 'start_single_service' function. The vulnerability can be exploited remotely by manipulating the 'vpn_pptp_server' or 'vpn_l2tp_server' arguments, leading to a stack overflow that may allow arbitrary command execution.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary command execution on the device.
Reproduction
The vulnerability can be reproduced by sending a crafted request to the Web Management Interface that includes a payload designed to overflow the buffer in the 'reselov_vpn_server' function. This function retrieves the 'vpn_pptp_server' variable from the device's NVRAM, and the overflow can be exploited to execute arbitrary commands on the device.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.