Vulnerability Description
A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. The manipulation of the argument username_3g/password_3g leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Szlbt | Lbt-T300-T310 Firmware | <= 2.2.3.6 |
| Szlbt | Lbt-T300-T310 | - |
Related Weaknesses (CWE)
References
- https://github.com/FLY200503/IoT-vul/tree/master/LBT-T300ExploitThird Party Advisory
- https://vuldb.com/?ctiid.314991Permissions RequiredVDB Entry
- https://vuldb.com/?id.314991Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.603012Third Party AdvisoryVDB Entry
- https://github.com/FLY200503/IoT-vul/tree/master/LBT-T300ExploitThird Party Advisory
FAQ
What is CVE-2025-7077?
CVE-2025-7077 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. The manipulation of th...
How severe is CVE-2025-7077?
CVE-2025-7077 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-7077?
Check the references section above for vendor advisories and patch information. Affected products include: Szlbt Lbt-T300-T310 Firmware, Szlbt Lbt-T300-T310.