PT-2024-21950 · Unknown · Lbt T300-T390
Published
2024-03-01
·
Updated
2025-04-30
·
CVE-2024-27567
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
LBT T300- T390 version 2.2.1.8
Description
The issue is related to a stack overflow via the
vpn client ip parameter in the config vpn pptp function, allowing attackers to cause a Denial of Service (DoS) via a crafted POST request.Recommendations
For version 2.2.1.8, consider restricting access to the
config vpn pptp function to minimize the risk of exploitation. Avoid using the vpn client ip parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
DoS
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lbt T300-T390