CVE-2025-7565

Medium CVSS: 5.5

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Lb-link

Product

Bl-ac3600 Firmware

CWE

CWE-200

Yayın Tarihi

2025-07-14 04:15:34

Güncelleme

2025-07-17 17:48:57

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-200 Bl-ac3600 Firmware MEDIUM Lb-link 2025

Referanslar

https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Plaintext_Password_Leakage_in_the_Web_Management_Interface_of_BL-AC3600_Routers.md https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Plaintext_Password_Leakage_in_the_Web_Management_Interface_of_BL-AC3600_Routers.md#poc https://vuldb.com/?ctiid.316263 https://vuldb.com/?id.316263 https://vuldb.com/?submit.605632

Benzer Kayıtlar

Medium

CVE-2026-4228

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wi…

High

CVE-2026-4226

A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /…

High

CVE-2026-4227

A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 o…

High

CVE-2025-10773

A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Affected by this issue is the function delshrpath o…

High

CVE-2025-57278

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement pr…

High

CVE-2025-7564

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is…