Search criteria
11 vulnerabilities by LB-LINK
CVE-2025-9580 (GCVE-0-2025-9580)
Vulnerability from cvelistv5 – Published: 2025-08-28 19:02 – Updated: 2025-08-28 19:58
VLAI?
Title
LB-LINK BL-X26 HTTP set_blacklist os command injection
Summary
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
QMSSDXN (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9580",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T19:58:21.204966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T19:58:24.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/B-Link%20X26%20V1.2.8-2/B-Link%20X26%20V1.2.8.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/B-Link%20X26%20V1.2.8-2/B-Link%20X26%20V1.2.8.md#3poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP Handler"
],
"product": "BL-X26",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "1.2.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "QMSSDXN (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in LB-LINK BL-X26 1.2.8 entdeckt. Betroffen ist eine unbekannte Funktion der Datei /goform/set_blacklist der Komponente HTTP Handler. Dank Manipulation des Arguments mac mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T19:02:06.830Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321693 | LB-LINK BL-X26 HTTP set_blacklist os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321693"
},
{
"name": "VDB-321693 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321693"
},
{
"name": "Submit #636083 | LB-LINK BL-X26 v1.2.8 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.636083"
},
{
"tags": [
"related"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/B-Link%20X26%20V1.2.8-2/B-Link%20X26%20V1.2.8.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/B-Link%20X26%20V1.2.8-2/B-Link%20X26%20V1.2.8.md#3poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-28T14:20:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK BL-X26 HTTP set_blacklist os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9580",
"datePublished": "2025-08-28T19:02:06.830Z",
"dateReserved": "2025-08-28T12:15:26.934Z",
"dateUpdated": "2025-08-28T19:58:24.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9579 (GCVE-0-2025-9579)
Vulnerability from cvelistv5 – Published: 2025-08-28 18:32 – Updated: 2025-08-28 18:41
VLAI?
Title
LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection
Summary
A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/set_hidessid_cfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
QMSSDXN (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9579",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T18:41:56.264428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T18:41:59.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/B-Link%20X26%20V1.2.8-1/B-Link%20X26%20V1.2.8.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/B-Link%20X26%20V1.2.8-1/B-Link%20X26%20V1.2.8.md#3-poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP Handler"
],
"product": "BL-X26",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "1.2.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "QMSSDXN (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/set_hidessid_cfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in LB-LINK BL-X26 1.2.8 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /goform/set_hidessid_cfg der Komponente HTTP Handler. Dank der Manipulation des Arguments enable mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T18:32:09.759Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321692 | LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321692"
},
{
"name": "VDB-321692 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321692"
},
{
"name": "Submit #636082 | LB-LINK BL-X26 v1.2.8 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.636082"
},
{
"tags": [
"related"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/B-Link%20X26%20V1.2.8-1/B-Link%20X26%20V1.2.8.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/B-Link%20X26%20V1.2.8-1/B-Link%20X26%20V1.2.8.md#3-poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-28T14:20:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9579",
"datePublished": "2025-08-28T18:32:09.759Z",
"dateReserved": "2025-08-28T12:15:16.188Z",
"dateUpdated": "2025-08-28T18:41:59.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7574 (GCVE-0-2025-7574)
Vulnerability from cvelistv5 – Published: 2025-07-14 05:02 – Updated: 2025-07-14 13:59
VLAI?
Title
LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication
Summary
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
9.8 (Critical)
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
waiwai24 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7574",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T13:59:04.509974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T13:59:10.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Privilege_Control_Defect_in_Blink_Router_Web_Interface_Permits_Arbitrary_Sensitive_Operation_Execution.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Privilege_Control_Defect_in_Blink_Router_Web_Interface_Permits_Arbitrary_Sensitive_Operation_Execution.md#poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Interface"
],
"product": "BL-AC1900",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "BL-AC2100_AZ3",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "BL-AC3600",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "BL-AX1800",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "BL-AX5400P",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "BL-WR9000",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "waiwai24 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 bis 20250702 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion reboot/restore der Datei /cgi-bin/lighttpd.cgi der Komponente Web Interface. Dank der Manipulation mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T05:02:05.631Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316272 | LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316272"
},
{
"name": "VDB-316272 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316272"
},
{
"name": "Submit #608018 | Blink BL-AX5400P V1.0.19\u3001BL-AX1800 V1.0.19\u3001BL-AC3600 V1.0.22\u3001BL-WR9000 V2.4.9\u3001BL-AC1900 V1.0.2\u3001BL-AC2100_AZ3 V1.0.4 BL-AX5400P V1.0.19\u3001BL-AX1800 V1.0.19\u3001BL-AC3600 V1.0.22\u3001BL-WR9000 V2.4.9\u3001BL-AC1900 V1.0.2\u3001BL-AC2100_AZ3 V1.0.4 Incorrect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.608018"
},
{
"tags": [
"related"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Privilege_Control_Defect_in_Blink_Router_Web_Interface_Permits_Arbitrary_Sensitive_Operation_Execution.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Privilege_Control_Defect_in_Blink_Router_Web_Interface_Permits_Arbitrary_Sensitive_Operation_Execution.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-13T09:21:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7574",
"datePublished": "2025-07-14T05:02:05.631Z",
"dateReserved": "2025-07-13T07:16:48.181Z",
"dateUpdated": "2025-07-14T13:59:10.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7573 (GCVE-0-2025-7573)
Vulnerability from cvelistv5 – Published: 2025-07-14 04:44 – Updated: 2025-07-14 14:00
VLAI?
Title
LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure
Summary
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This issue affects the function bs_GetManPwd in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
waiwai24 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7573",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T14:00:36.947012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T14:00:44.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Web_Interface_Login_Credential_Disclosure_Risk_in_Various_Blink_Router_Models.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Web_Interface_Login_Credential_Disclosure_Risk_in_Various_Blink_Router_Models.md#poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BL-AC1900",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AC2100_AZ3",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AC3600",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AX1800",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AX5400P",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-WR9000",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "waiwai24 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This issue affects the function bs_GetManPwd in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 bis 20250702 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion bs_GetManPwd in der Bibliothek libblinkapi.so der Datei /cgi-bin/lighttpd.cgi. Durch Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T04:44:05.217Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316271 | LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316271"
},
{
"name": "VDB-316271 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316271"
},
{
"name": "Submit #608010 | Blink BL-AX5400P V1.0.19\u3001BL-AX1800 V1.0.19\u3001BL-AC3600 V1.0.22\u3001BL-WR9000 V2.4.9\u3001BL-AC1900 V1.0.2\u3001BL-AC2100_AZ3 V1.0.4 BL-AX5400P V1.0.19\u3001BL-AX1800 V1.0.19\u3001BL-AC3600 V1.0.22\u3001BL-WR9000 V2.4.9\u3001BL-AC1900 V1.0.2\u3001BL-AC2100_AZ3 V1.0.4 Informati",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.608010"
},
{
"tags": [
"related"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Web_Interface_Login_Credential_Disclosure_Risk_in_Various_Blink_Router_Models.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Web_Interface_Login_Credential_Disclosure_Risk_in_Various_Blink_Router_Models.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-13T09:21:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7573",
"datePublished": "2025-07-14T04:44:05.217Z",
"dateReserved": "2025-07-13T07:16:45.492Z",
"dateUpdated": "2025-07-14T14:00:44.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7572 (GCVE-0-2025-7572)
Vulnerability from cvelistv5 – Published: 2025-07-14 04:32 – Updated: 2025-07-14 13:20
VLAI?
Title
LB-LINK BL-WR9000 lighttpd.cgi bs_GetHostInfo information disclosure
Summary
A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
waiwai24 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7572",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T13:18:49.015863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T13:20:49.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BL-AC1900",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AC2100_AZ3",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AC3600",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AX1800",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AX5400P",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-WR9000",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "waiwai24 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 bis 20250702 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um die Funktion bs_GetHostInfo in der Bibliothek libblinkapi.so der Datei /cgi-bin/lighttpd.cgi. Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T04:32:06.275Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316270 | LB-LINK BL-WR9000 lighttpd.cgi bs_GetHostInfo information disclosure",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316270"
},
{
"name": "VDB-316270 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316270"
},
{
"name": "Submit #608009 | Blink BL-AX5400P V1.0.19\u3001BL-AX1800 V1.0.19\u3001BL-AC3600 V1.0.22\u3001BL-WR9000 V2.4.9\u3001BL-AC1900 V1.0.2\u3001BL-AC2100_AZ3 V1.0.4 BL-AX5400P V1.0.19\u3001BL-AX1800 V1.0.19\u3001BL-AC3600 V1.0.22\u3001BL-WR9000 V2.4.9\u3001BL-AC1900 V1.0.2\u3001BL-AC2100_AZ3 V1.0.4 Exposure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.608009"
},
{
"tags": [
"related"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Information_Exposure_Vulnerabilities_in_Various_Blink_Router_Models.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Information_Exposure_Vulnerabilities_in_Various_Blink_Router_Models.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-13T09:21:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK BL-WR9000 lighttpd.cgi bs_GetHostInfo information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7572",
"datePublished": "2025-07-14T04:32:06.275Z",
"dateReserved": "2025-07-13T07:16:43.264Z",
"dateUpdated": "2025-07-14T13:20:49.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7565 (GCVE-0-2025-7565)
Vulnerability from cvelistv5 – Published: 2025-07-14 02:44 – Updated: 2025-07-14 14:01
VLAI?
Title
LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure
Summary
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LB-LINK | BL-AC3600 |
Affected:
1.0.0
Affected: 1.0.1 Affected: 1.0.2 Affected: 1.0.3 Affected: 1.0.4 Affected: 1.0.5 Affected: 1.0.6 Affected: 1.0.7 Affected: 1.0.8 Affected: 1.0.9 Affected: 1.0.10 Affected: 1.0.11 Affected: 1.0.12 Affected: 1.0.13 Affected: 1.0.14 Affected: 1.0.15 Affected: 1.0.16 Affected: 1.0.17 Affected: 1.0.18 Affected: 1.0.19 Affected: 1.0.20 Affected: 1.0.21 Affected: 1.0.22 |
Credits
waiwai24 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7565",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T13:58:57.216037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T14:01:09.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Management Interface"
],
"product": "BL-AC3600",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.7"
},
{
"status": "affected",
"version": "1.0.8"
},
{
"status": "affected",
"version": "1.0.9"
},
{
"status": "affected",
"version": "1.0.10"
},
{
"status": "affected",
"version": "1.0.11"
},
{
"status": "affected",
"version": "1.0.12"
},
{
"status": "affected",
"version": "1.0.13"
},
{
"status": "affected",
"version": "1.0.14"
},
{
"status": "affected",
"version": "1.0.15"
},
{
"status": "affected",
"version": "1.0.16"
},
{
"status": "affected",
"version": "1.0.17"
},
{
"status": "affected",
"version": "1.0.18"
},
{
"status": "affected",
"version": "1.0.19"
},
{
"status": "affected",
"version": "1.0.20"
},
{
"status": "affected",
"version": "1.0.21"
},
{
"status": "affected",
"version": "1.0.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "waiwai24 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in LB-LINK BL-AC3600 bis 1.0.22 gefunden. Dabei betrifft es die Funktion geteasycfg der Datei /cgi-bin/lighttpd.cgi der Komponente Web Management Interface. Mit der Manipulation des Arguments Password mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T02:44:05.555Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316263 | LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316263"
},
{
"name": "VDB-316263 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316263"
},
{
"name": "Submit #605632 | Blink BL-AC3600 V1.0.22 Exposure of Sensitive Information Through Metadata",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.605632"
},
{
"tags": [
"related"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Plaintext_Password_Leakage_in_the_Web_Management_Interface_of_BL-AC3600_Routers.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Plaintext_Password_Leakage_in_the_Web_Management_Interface_of_BL-AC3600_Routers.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-12T23:17:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7565",
"datePublished": "2025-07-14T02:44:05.555Z",
"dateReserved": "2025-07-12T21:12:00.698Z",
"dateUpdated": "2025-07-14T14:01:09.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7564 (GCVE-0-2025-7564)
Vulnerability from cvelistv5 – Published: 2025-07-14 02:32 – Updated: 2025-07-14 14:47
VLAI?
Title
LB-LINK BL-AC3600 shadow hard-coded credentials
Summary
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
waiwai24 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7564",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T14:47:54.696580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T14:47:58.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Hardcoded_Credentials_in_BL-AC3600_Routers.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Hardcoded_Credentials_in_BL-AC3600_Routers.md#poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BL-AC3600",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "1.0.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "waiwai24 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in LB-LINK BL-AC3600 1.0.22 entdeckt. Dies betrifft einen unbekannten Teil der Datei /etc/shadow. Dank Manipulation mit der Eingabe root:blinkadmin mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T02:32:05.381Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316262 | LB-LINK BL-AC3600 shadow hard-coded credentials",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316262"
},
{
"name": "VDB-316262 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316262"
},
{
"name": "Submit #605630 | Blink BL-AC3600 V1.0.22 Hard-coded Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.605630"
},
{
"tags": [
"related"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Hardcoded_Credentials_in_BL-AC3600_Routers.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Hardcoded_Credentials_in_BL-AC3600_Routers.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-12T23:17:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK BL-AC3600 shadow hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7564",
"datePublished": "2025-07-14T02:32:05.381Z",
"dateReserved": "2025-07-12T21:11:53.262Z",
"dateUpdated": "2025-07-14T14:47:58.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4076 (GCVE-0-2025-4076)
Vulnerability from cvelistv5 – Published: 2025-04-29 18:00 – Updated: 2025-04-29 18:52
VLAI?
Title
LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection
Summary
A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
6.3 (Medium)
6.3 (Medium)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LB-LINK | BL-AC3600 |
Affected:
1.0.0
Affected: 1.0.1 Affected: 1.0.2 Affected: 1.0.3 Affected: 1.0.4 Affected: 1.0.5 Affected: 1.0.6 Affected: 1.0.7 Affected: 1.0.8 Affected: 1.0.9 Affected: 1.0.10 Affected: 1.0.11 Affected: 1.0.12 Affected: 1.0.13 Affected: 1.0.14 Affected: 1.0.15 Affected: 1.0.16 Affected: 1.0.17 Affected: 1.0.18 Affected: 1.0.19 Affected: 1.0.20 Affected: 1.0.21 Affected: 1.0.22 |
Credits
Gray (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4076",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T18:29:13.539543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T18:52:45.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Password Handler"
],
"product": "BL-AC3600",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.7"
},
{
"status": "affected",
"version": "1.0.8"
},
{
"status": "affected",
"version": "1.0.9"
},
{
"status": "affected",
"version": "1.0.10"
},
{
"status": "affected",
"version": "1.0.11"
},
{
"status": "affected",
"version": "1.0.12"
},
{
"status": "affected",
"version": "1.0.13"
},
{
"status": "affected",
"version": "1.0.14"
},
{
"status": "affected",
"version": "1.0.15"
},
{
"status": "affected",
"version": "1.0.16"
},
{
"status": "affected",
"version": "1.0.17"
},
{
"status": "affected",
"version": "1.0.18"
},
{
"status": "affected",
"version": "1.0.19"
},
{
"status": "affected",
"version": "1.0.20"
},
{
"status": "affected",
"version": "1.0.21"
},
{
"status": "affected",
"version": "1.0.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Gray (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in LB-LINK BL-AC3600 bis 1.0.22 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion easy_uci_set_option_string_0 der Datei /cgi-bin/lighttpd.cgi der Komponente Password Handler. Durch das Beeinflussen des Arguments routepwd mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T18:00:06.757Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306513 | LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.306513"
},
{
"name": "VDB-306513 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306513"
},
{
"name": "Submit #560232 | LBlink BL-AC3600 1.0.22 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.560232"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/GrayLxton/BLink_poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/GrayLxton/BLink_poc/blob/main/poc.py"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-29T07:48:10.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4076",
"datePublished": "2025-04-29T18:00:06.757Z",
"dateReserved": "2025-04-29T05:43:02.425Z",
"dateUpdated": "2025-04-29T18:52:45.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1610 (GCVE-0-2025-1610)
Vulnerability from cvelistv5 – Published: 2025-02-24 01:31 – Updated: 2025-02-24 11:48
VLAI?
Title
LB-LINK AC1900 Router set_blacklist websGetVar os command injection
Summary
A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of the file /goform/set_blacklist. The manipulation of the argument mac/enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
6.3 (Medium)
6.3 (Medium)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LB-LINK | AC1900 Router |
Affected:
1.0.2
|
Credits
h0lyduck (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1610",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T11:48:37.777624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T11:48:52.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC1900 Router",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "1.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "h0lyduck (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of the file /goform/set_blacklist. The manipulation of the argument mac/enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in LB-LINK AC1900 Router 1.0.2 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion websGetVar der Datei /goform/set_blacklist. Durch das Manipulieren des Arguments mac/enable mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T01:31:04.610Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-296600 | LB-LINK AC1900 Router set_blacklist websGetVar os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.296600"
},
{
"name": "VDB-296600 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.296600"
},
{
"name": "Submit #501024 | LB-LINK LB-LINK AC1900 router V1.0.2 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.501024"
},
{
"tags": [
"exploit"
],
"url": "https://noisy-caravel-a9a.notion.site/LBLINK_AC1900_V1-0-2_-set_blacklist-_-bs_SetMacBlack-_CI-179898c94eac802b9451fcb79aa668c3?pvs=74"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-23T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-23T08:02:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK AC1900 Router set_blacklist websGetVar os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1610",
"datePublished": "2025-02-24T01:31:04.610Z",
"dateReserved": "2025-02-23T06:56:52.951Z",
"dateUpdated": "2025-02-24T11:48:52.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1609 (GCVE-0-2025-1609)
Vulnerability from cvelistv5 – Published: 2025-02-24 01:00 – Updated: 2025-02-24 11:50
VLAI?
Title
LB-LINK AC1900 Router set_cmd websGetVar os command injection
Summary
A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
6.3 (Medium)
6.3 (Medium)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LB-LINK | AC1900 Router |
Affected:
1.0.2
|
Credits
h0lyduck (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1609",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T11:50:01.097691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T11:50:41.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC1900 Router",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "1.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "h0lyduck (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In LB-LINK AC1900 Router 1.0.2 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion websGetVar der Datei /goform/set_cmd. Mittels Manipulieren des Arguments cmd mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T01:00:10.512Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-296599 | LB-LINK AC1900 Router set_cmd websGetVar os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.296599"
},
{
"name": "VDB-296599 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.296599"
},
{
"name": "Submit #501023 | LB-LINK LB-LINK AC1900 router V1.0.2 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.501023"
},
{
"tags": [
"exploit"
],
"url": "https://noisy-caravel-a9a.notion.site/LBLINK_AC1900_V1-0-2_-set_cmd-_-bs_SetCmd-_CI-179898c94eac808e8875e0b8e1bee47e?pvs=74"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-23T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-23T08:02:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK AC1900 Router set_cmd websGetVar os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1609",
"datePublished": "2025-02-24T01:00:10.512Z",
"dateReserved": "2025-02-23T06:56:50.228Z",
"dateUpdated": "2025-02-24T11:50:41.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1608 (GCVE-0-2025-1608)
Vulnerability from cvelistv5 – Published: 2025-02-24 00:31 – Updated: 2025-02-24 11:52
VLAI?
Title
LB-LINK AC1900 Router set_manpwd websGetVar os command injection
Summary
A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
6.3 (Medium)
6.3 (Medium)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LB-LINK | AC1900 Router |
Affected:
1.0.2
|
Credits
h0lyduck (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1608",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T11:51:44.728998Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T11:52:05.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC1900 Router",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "1.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "h0lyduck (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd\u00a0 leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in LB-LINK AC1900 Router 1.0.2 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion websGetVar der Datei /goform/set_manpwd. Mittels dem Manipulieren des Arguments routepwd\u00a0 mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T00:31:07.007Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-296598 | LB-LINK AC1900 Router set_manpwd websGetVar os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.296598"
},
{
"name": "VDB-296598 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.296598"
},
{
"name": "Submit #501022 | LB-LINK LB-LINK AC1900 router V1.0.2 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.501022"
},
{
"tags": [
"exploit"
],
"url": "https://noisy-caravel-a9a.notion.site/LBLINK_AC1900_V1-0-2_-set_manpwd-_-bl_do_system-_CI-179898c94eac81b9bf56c1f64db77e2d?pvs=74"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-23T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-23T08:01:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK AC1900 Router set_manpwd websGetVar os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1608",
"datePublished": "2025-02-24T00:31:07.007Z",
"dateReserved": "2025-02-23T06:56:47.641Z",
"dateUpdated": "2025-02-24T11:52:05.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}