PT-2024-21951 · Unknown · Lbt T300-T390
Published
2024-03-01
·
Updated
2025-04-30
·
CVE-2024-27568
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
LBT T300-T390 version 2.2.1.8
Description
The issue is related to a stack overflow via the
apn name 3g parameter in the setupEC20Apn function, allowing attackers to cause a Denial of Service (DoS) via a crafted POST request to an unspecified API endpoint.Recommendations
For LBT T300-T390 version 2.2.1.8, consider restricting access to the
setupEC20Apn function until a patch is available. As a temporary workaround, avoid using the apn name 3g parameter in the affected function to minimize the risk of exploitation.Exploit
Fix
DoS
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lbt T300-T390