CVE-2025-1608

Medium CVSS: 5.3

A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Lb-link

Product

Ac1900 Firmware

CWE

CWE-77

Yayın Tarihi

2025-02-24 01:15:10

Güncelleme

2025-11-04 20:59:14

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-77 Ac1900 Firmware MEDIUM Lb-link 2025

Referanslar

https://noisy-caravel-a9a.notion.site/LBLINK_AC1900_V1-0-2_-set_manpwd-_-bl_do_system-_CI-179898c94eac81b9bf56c1f64db77e2d?pvs=74 https://vuldb.com/?ctiid.296598 https://vuldb.com/?id.296598 https://vuldb.com/?submit.501022

Benzer Kayıtlar

Medium

CVE-2026-4228

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wi…

High

CVE-2026-4226

A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /…

High

CVE-2026-4227

A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 o…

High

CVE-2025-10773

A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Affected by this issue is the function delshrpath o…

High

CVE-2025-57278

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement pr…

Medium

CVE-2025-7565

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the functio…