Search criteria
5 vulnerabilities by lb-link
CVE-2025-9579 (GCVE-0-2025-9579)
Vulnerability from cvelistv5 – Published: 2025-08-28 18:32 – Updated: 2025-08-28 18:41
VLAI?
Title
LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection
Summary
A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/set_hidessid_cfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
QMSSDXN (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9579",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T18:41:56.264428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T18:41:59.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/B-Link%20X26%20V1.2.8-1/B-Link%20X26%20V1.2.8.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/B-Link%20X26%20V1.2.8-1/B-Link%20X26%20V1.2.8.md#3-poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP Handler"
],
"product": "BL-X26",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "1.2.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "QMSSDXN (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/set_hidessid_cfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in LB-LINK BL-X26 1.2.8 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /goform/set_hidessid_cfg der Komponente HTTP Handler. Dank der Manipulation des Arguments enable mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T18:32:09.759Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321692 | LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321692"
},
{
"name": "VDB-321692 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321692"
},
{
"name": "Submit #636082 | LB-LINK BL-X26 v1.2.8 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.636082"
},
{
"tags": [
"related"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/B-Link%20X26%20V1.2.8-1/B-Link%20X26%20V1.2.8.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/B-Link%20X26%20V1.2.8-1/B-Link%20X26%20V1.2.8.md#3-poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-28T14:20:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9579",
"datePublished": "2025-08-28T18:32:09.759Z",
"dateReserved": "2025-08-28T12:15:16.188Z",
"dateUpdated": "2025-08-28T18:41:59.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7574 (GCVE-0-2025-7574)
Vulnerability from cvelistv5 – Published: 2025-07-14 05:02 – Updated: 2025-07-14 13:59
VLAI?
Title
LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication
Summary
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
9.8 (Critical)
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
waiwai24 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7574",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T13:59:04.509974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T13:59:10.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Privilege_Control_Defect_in_Blink_Router_Web_Interface_Permits_Arbitrary_Sensitive_Operation_Execution.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Privilege_Control_Defect_in_Blink_Router_Web_Interface_Permits_Arbitrary_Sensitive_Operation_Execution.md#poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Interface"
],
"product": "BL-AC1900",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "BL-AC2100_AZ3",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "BL-AC3600",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "BL-AX1800",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "BL-AX5400P",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "BL-WR9000",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "waiwai24 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 bis 20250702 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion reboot/restore der Datei /cgi-bin/lighttpd.cgi der Komponente Web Interface. Dank der Manipulation mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T05:02:05.631Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316272 | LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316272"
},
{
"name": "VDB-316272 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316272"
},
{
"name": "Submit #608018 | Blink BL-AX5400P V1.0.19\u3001BL-AX1800 V1.0.19\u3001BL-AC3600 V1.0.22\u3001BL-WR9000 V2.4.9\u3001BL-AC1900 V1.0.2\u3001BL-AC2100_AZ3 V1.0.4 BL-AX5400P V1.0.19\u3001BL-AX1800 V1.0.19\u3001BL-AC3600 V1.0.22\u3001BL-WR9000 V2.4.9\u3001BL-AC1900 V1.0.2\u3001BL-AC2100_AZ3 V1.0.4 Incorrect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.608018"
},
{
"tags": [
"related"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Privilege_Control_Defect_in_Blink_Router_Web_Interface_Permits_Arbitrary_Sensitive_Operation_Execution.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Privilege_Control_Defect_in_Blink_Router_Web_Interface_Permits_Arbitrary_Sensitive_Operation_Execution.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-13T09:21:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7574",
"datePublished": "2025-07-14T05:02:05.631Z",
"dateReserved": "2025-07-13T07:16:48.181Z",
"dateUpdated": "2025-07-14T13:59:10.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7573 (GCVE-0-2025-7573)
Vulnerability from cvelistv5 – Published: 2025-07-14 04:44 – Updated: 2025-07-14 14:00
VLAI?
Title
LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure
Summary
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This issue affects the function bs_GetManPwd in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
waiwai24 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7573",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T14:00:36.947012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T14:00:44.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Web_Interface_Login_Credential_Disclosure_Risk_in_Various_Blink_Router_Models.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Web_Interface_Login_Credential_Disclosure_Risk_in_Various_Blink_Router_Models.md#poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BL-AC1900",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AC2100_AZ3",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AC3600",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AX1800",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AX5400P",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-WR9000",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "waiwai24 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This issue affects the function bs_GetManPwd in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 bis 20250702 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion bs_GetManPwd in der Bibliothek libblinkapi.so der Datei /cgi-bin/lighttpd.cgi. Durch Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T04:44:05.217Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316271 | LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316271"
},
{
"name": "VDB-316271 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316271"
},
{
"name": "Submit #608010 | Blink BL-AX5400P V1.0.19\u3001BL-AX1800 V1.0.19\u3001BL-AC3600 V1.0.22\u3001BL-WR9000 V2.4.9\u3001BL-AC1900 V1.0.2\u3001BL-AC2100_AZ3 V1.0.4 BL-AX5400P V1.0.19\u3001BL-AX1800 V1.0.19\u3001BL-AC3600 V1.0.22\u3001BL-WR9000 V2.4.9\u3001BL-AC1900 V1.0.2\u3001BL-AC2100_AZ3 V1.0.4 Informati",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.608010"
},
{
"tags": [
"related"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Web_Interface_Login_Credential_Disclosure_Risk_in_Various_Blink_Router_Models.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Web_Interface_Login_Credential_Disclosure_Risk_in_Various_Blink_Router_Models.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-13T09:21:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7573",
"datePublished": "2025-07-14T04:44:05.217Z",
"dateReserved": "2025-07-13T07:16:45.492Z",
"dateUpdated": "2025-07-14T14:00:44.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7572 (GCVE-0-2025-7572)
Vulnerability from cvelistv5 – Published: 2025-07-14 04:32 – Updated: 2025-07-14 13:20
VLAI?
Title
LB-LINK BL-WR9000 lighttpd.cgi bs_GetHostInfo information disclosure
Summary
A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
waiwai24 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7572",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T13:18:49.015863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T13:20:49.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BL-AC1900",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AC2100_AZ3",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AC3600",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AX1800",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-AX5400P",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
},
{
"product": "BL-WR9000",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "20250702"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "waiwai24 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 bis 20250702 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um die Funktion bs_GetHostInfo in der Bibliothek libblinkapi.so der Datei /cgi-bin/lighttpd.cgi. Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T04:32:06.275Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316270 | LB-LINK BL-WR9000 lighttpd.cgi bs_GetHostInfo information disclosure",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316270"
},
{
"name": "VDB-316270 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316270"
},
{
"name": "Submit #608009 | Blink BL-AX5400P V1.0.19\u3001BL-AX1800 V1.0.19\u3001BL-AC3600 V1.0.22\u3001BL-WR9000 V2.4.9\u3001BL-AC1900 V1.0.2\u3001BL-AC2100_AZ3 V1.0.4 BL-AX5400P V1.0.19\u3001BL-AX1800 V1.0.19\u3001BL-AC3600 V1.0.22\u3001BL-WR9000 V2.4.9\u3001BL-AC1900 V1.0.2\u3001BL-AC2100_AZ3 V1.0.4 Exposure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.608009"
},
{
"tags": [
"related"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Information_Exposure_Vulnerabilities_in_Various_Blink_Router_Models.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Information_Exposure_Vulnerabilities_in_Various_Blink_Router_Models.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-13T09:21:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK BL-WR9000 lighttpd.cgi bs_GetHostInfo information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7572",
"datePublished": "2025-07-14T04:32:06.275Z",
"dateReserved": "2025-07-13T07:16:43.264Z",
"dateUpdated": "2025-07-14T13:20:49.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4076 (GCVE-0-2025-4076)
Vulnerability from cvelistv5 – Published: 2025-04-29 18:00 – Updated: 2025-04-29 18:52
VLAI?
Title
LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection
Summary
A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
6.3 (Medium)
6.3 (Medium)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LB-LINK | BL-AC3600 |
Affected:
1.0.0
Affected: 1.0.1 Affected: 1.0.2 Affected: 1.0.3 Affected: 1.0.4 Affected: 1.0.5 Affected: 1.0.6 Affected: 1.0.7 Affected: 1.0.8 Affected: 1.0.9 Affected: 1.0.10 Affected: 1.0.11 Affected: 1.0.12 Affected: 1.0.13 Affected: 1.0.14 Affected: 1.0.15 Affected: 1.0.16 Affected: 1.0.17 Affected: 1.0.18 Affected: 1.0.19 Affected: 1.0.20 Affected: 1.0.21 Affected: 1.0.22 |
Credits
Gray (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4076",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T18:29:13.539543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T18:52:45.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Password Handler"
],
"product": "BL-AC3600",
"vendor": "LB-LINK",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.7"
},
{
"status": "affected",
"version": "1.0.8"
},
{
"status": "affected",
"version": "1.0.9"
},
{
"status": "affected",
"version": "1.0.10"
},
{
"status": "affected",
"version": "1.0.11"
},
{
"status": "affected",
"version": "1.0.12"
},
{
"status": "affected",
"version": "1.0.13"
},
{
"status": "affected",
"version": "1.0.14"
},
{
"status": "affected",
"version": "1.0.15"
},
{
"status": "affected",
"version": "1.0.16"
},
{
"status": "affected",
"version": "1.0.17"
},
{
"status": "affected",
"version": "1.0.18"
},
{
"status": "affected",
"version": "1.0.19"
},
{
"status": "affected",
"version": "1.0.20"
},
{
"status": "affected",
"version": "1.0.21"
},
{
"status": "affected",
"version": "1.0.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Gray (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in LB-LINK BL-AC3600 bis 1.0.22 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion easy_uci_set_option_string_0 der Datei /cgi-bin/lighttpd.cgi der Komponente Password Handler. Durch das Beeinflussen des Arguments routepwd mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T18:00:06.757Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306513 | LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.306513"
},
{
"name": "VDB-306513 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306513"
},
{
"name": "Submit #560232 | LBlink BL-AC3600 1.0.22 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.560232"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/GrayLxton/BLink_poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/GrayLxton/BLink_poc/blob/main/poc.py"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-29T07:48:10.000Z",
"value": "VulDB entry last update"
}
],
"title": "LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4076",
"datePublished": "2025-04-29T18:00:06.757Z",
"dateReserved": "2025-04-29T05:43:02.425Z",
"dateUpdated": "2025-04-29T18:52:45.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}