CVE-2026-4228

Medium CVSS: 5.3

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Lb-link

Product

Bl-wr9000 Firmware

CWE

CWE-74

Yayın Tarihi

2026-03-16 14:20:16

Güncelleme

2026-03-20 18:19:54

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Bl-wr9000 Firmware MEDIUM Lb-link 2026

Referanslar

https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_wlanpswencry%20command%20injection_EN.md https://vuldb.com/?ctiid.351151 https://vuldb.com/?id.351151 https://vuldb.com/?submit.771210

Benzer Kayıtlar

High

CVE-2026-4226

A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /…

High

CVE-2026-4227

A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 o…

High

CVE-2025-10773

A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Affected by this issue is the function delshrpath o…

High

CVE-2025-57278

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement pr…

Medium

CVE-2025-7565

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the functio…

High

CVE-2025-7564

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is…