CVE-2024-27567 | LBT T300-T390 2.2.1.8 HTTP POST Request config_vpn_pptp vpn_client_ip stack-based overflow

Posted by Angelo Barbosa | Mar 1, 2024 | CVE

A vulnerability has been found in LBT T300-T390 2.2.1.8 and classified as critical. Affected by this vulnerability is the function config_vpn_pptp of the component HTTP POST Request Handler. The manipulation of the argument vpn_client_ip leads to stack-based buffer overflow.

This vulnerability is known as CVE-2024-27567. Access to the local network is required for this attack to succeed. There is no exploit available.

CVE-2024-27567 | LBT T300-T390 2.2.1.8 HTTP POST Request config_vpn_pptp vpn_client_ip stack-based overflow

Related Posts

CVE-2024-45302 | RestSharp up to 111.x RestRequest.AddHeader crlf injection (GHSA-4rr6-2v9v-wcpc)

CVE-2024-45053 | ethyca fides up to 2.43.x Jinja Template special elements used in a template engine (GHSA-c34r-238x-f7qx)

CVE-2023-37117 | Live555 2023.05.10 Setup use after free

CVE-2023-6340 | SonicWall Capture Client/NetExtender Client SFPMonitor.sys out-of-bounds write (SNWLID-2023-6340)