PT-2024-21954 · Unknown · Lbt T300-T390
Published
2024-03-01
·
Updated
2025-04-30
·
CVE-2024-27571
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
LBT T300-T390 version 2.2.1.8
Description
The issue is related to a stack overflow via the
ApCliSsid parameter in the makeCurRemoteApList function, allowing attackers to cause a Denial of Service (DoS) via a crafted POST request.Recommendations
For LBT T300-T390 version 2.2.1.8, consider restricting access to the
makeCurRemoteApList function or avoiding the use of the ApCliSsid parameter until a patch is available. As a temporary workaround, restrict access to the vulnerable function to minimize the risk of exploitation.Exploit
Fix
DoS
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lbt T300-T390