MidnightBSD

Advisories for libtor

CVE-2024-27567

LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Products Affected

Vendor Product Version
libtor lbt-t300-t390_firmware 2.2.1.8
CVE-2024-27568

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in the setupEC20Apn function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Products Affected

Vendor Product Version
libtor lbt-t300-t390_firmware 2.2.1.8
CVE-2024-27569

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Products Affected

Vendor Product Version
libtor lbt-t300-t390_firmware 2.2.1.8
CVE-2024-27570

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Products Affected

Vendor Product Version
libtor lbt-t300-t390_firmware 2.2.1.8
CVE-2024-27571

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Products Affected

Vendor Product Version
libtor lbt-t300-t390_firmware 2.2.1.8
CVE-2024-27572

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Products Affected

Vendor Product Version
libtor lbt-t300-t390_firmware 2.2.1.8