CVE-2026-7675
HIGH · 8.8
Real vuln, disclosed PoC public, but no KEV status or defender triage reports yet.
What: Buffer overflow in Shenzhen Libituo LBT-T300-HW1 apply.cgi start_lan function via Channel/ApCliSsid argument manipulation; affects firmware ≤1.2.8. CVSS 8.8 (HIGH).
Why it matters: Public exploit disclosed; vendor unresponsive to early disclosure. Remote attack vector on IoT/network device. Not KEV-listed yet, but active PoC availability and vendor non-response elevate triage priority for organizations running affected hardware.
Where it's seen: Automated CVE alert feeds and security news aggregators (CVEarity, Bluesky infosec accounts, threat radar services, journalist coverage). No evidence of widespread in-the-wild scanning or mass exploitation chatter; mostly alert automation and early researcher sharing.
RISK: HIGH — Remote buffer overflow, public PoC, unpatched device, vendor unresponsive.
AttackerKB
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Public PoCs on GitHub (5 repos)
- sderosiaux/every-single-day-i-tldr ★ 331
A daily digest of the articles or videos I've found interesting, that I want to share with you.
- cometkim/awesome-list ★ 22
My personal awesome list based on GitHub stars
- svg153/awesome-stars ★ 11
- brimstone/stars ★ 2
My starred GitHub repositories
- getquoteonline/NSNPartLookup.com-Lookup-Order-NSN-NIIN-Cage-Code-Parts ★ 0
NSNPartLookup.com – Lookup & Order NSN, NIIN, Cage Code Parts
Articles & coverage (14 articles)
- CVE-2026-7675 - Exploits & Severity - Feedly
This vulnerability is uniquely identified as CVE-2026-7675. The attack is possible to be carried out remotely. Moreover, an exploit is present.
- CVE-2026-21385: Qualcomm Sm7675p Use-After-Free Flaw
CVE-2026-21385 is a use-after-free vulnerability in Qualcomm Sm7675p Firmware caused by memory corruption during memory allocation alignments. CVE-2026-21385 is a memory corruption vulnerability affecting a wide range of Qualcomm chipsets and firmware. The vulnerability occurs when improper memory alignments are us
- RHSA-2026:7675 - Security Advisory - Red Hat Customer Portal
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score
- AlmaLinux 10 : nodejs24 (ALSA-2026:7675) | Tenable®
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7675 advisory.
- NVD - CVE-2026-31675
Sources: kernel.org. Change History: 1 change record found. New CVE Received from kernel.org 4/25/2026 5:16:01 AM
NVD details: 2 CWE · 0 vendors · 5 refs
Top posts driving the trend
- @vuldb · X · 5/3/2026
A severe vulnerability was disclosed for Shenzhen Libituo Technology LBT-T300-HW1 (CVE-2026-7675) https://t.co/rRNBsfRxzQ
♥ 1 · ↻ 1 · 💬 0
- @CVEarity · X · 5/3/2026
⚡ New CVE Alert: CVE-2026-7675 📊 Severity: 8.8 🚨 Risk Level: High 🧩 Affects: Multiple / Unspecified Products Reference: https://t.co/uafIf4iZcg #CVE-2026-7675 #CVE #High #CyberSecurity #InfoSec https://t.co/I9B3PcPEmx
♥ 0 · ↻ 0 · 💬 0
- @postac001.bsky.social · Bluesky · 5/3/2026
A buffer overflow occurs through manipulation of the Channel/ApCliSsid argument in the start_lan function of apply.cgi in Shenzhen Libituo LBT-T300-HW1 v1.2.8 and earlier… CVE-2026-7675 CVSS 8.8 | HIGH
♥ 0 · ↻ 0 · 💬 0
- @cve.skyfleet.blue · Bluesky · 5/3/2026
CVE-2026-7675 - Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow CVE ID : CVE-2026-7675 Published : May 3, 2026, 3:16 a.m. | 1 hour, 4 minutes ago Description : A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1...
♥ 0 · ↻ 0 · 💬 0
- @offseq.bsky.social · Bluesky · 5/3/2026
Shenzhen Libituo LBT-T300-HW1 (1.2.0 – 1.2.8) hit by HIGH-severity buffer overflow. No patch — restrict network access & monitor for fixes. Public exploit code out. https://radar.offseq.com/threat/cve-2026-7675-buffer-overflow-in-shenzhen-libituo--9cc00f70 #OffSeq #IoTSecurity #Vulnerability
♥ 0 · ↻ 0 · 💬 0
- @thehackerwire.bsky.social · Bluesky · 5/3/2026
🟠 CVE-2026-7675 - High (8.8) A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted ... https://www.thehackerwire.com/vulnerability/CVE-2026-7675/ #infosec #cybersecurity #CVE #vulnerability #security #patchstack
♥ 0 · ↻ 0 · 💬 0