CVE-2025-7565

🗓️ 14 Jul 2025 02:44:05Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 28 Views🌐 WEB

Critical CVE-2025-7565 vulnerability in LB-LINK BL-AC3600 allows remote information disclosure exploit.

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability of the geteasycfg function (/cgi-bin/lighttpd.cgi) of the Web Management Interface component of the microprogramming-based router LB-LINK BL-AC3600 allows a attacker to disclose protected information.	29 Jul 202500:00	–	bdu_fstec
CNNVD	LB-LINK BL-AC3600 访问控制错误漏洞	14 Jul 202500:00	–	cnnvd
Cvelist	CVE-2025-7565 LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure	14 Jul 202502:44	–	cvelist
EUVD	EUVD-2025-21301	3 Oct 202520:07	–	euvd
NVD	CVE-2025-7565	14 Jul 202504:15	–	nvd
Positive Technologies	PT-2025-29412 · Lb Link · Lb-Link Bl-Ac3600	27 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-7565	16 Jul 202503:02	–	redhatcve
Vulnrichment	CVE-2025-7565 LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure	14 Jul 202502:44	–	vulnrichment

NVD

Vulners

Node

lb-link bl-ac3600_firmwareRange≤1.0.22

AND

lb-link bl-ac3600Match-

[
  {
    "vendor": "LB-LINK",
    "product": "BL-AC3600",
    "versions": [
      {
        "version": "1.0.0",
        "status": "affected"
      },
      {
        "version": "1.0.1",
        "status": "affected"
      },
      {
        "version": "1.0.2",
        "status": "affected"
      },
      {
        "version": "1.0.3",
        "status": "affected"
      },
      {
        "version": "1.0.4",
        "status": "affected"
      },
      {
        "version": "1.0.5",
        "status": "affected"
      },
      {
        "version": "1.0.6",
        "status": "affected"
      },
      {
        "version": "1.0.7",
        "status": "affected"
      },
      {
        "version": "1.0.8",
        "status": "affected"
      },
      {
        "version": "1.0.9",
        "status": "affected"
      },
      {
        "version": "1.0.10",
        "status": "affected"
      },
      {
        "version": "1.0.11",
        "status": "affected"
      },
      {
        "version": "1.0.12",
        "status": "affected"
      },
      {
        "version": "1.0.13",
        "status": "affected"
      },
      {
        "version": "1.0.14",
        "status": "affected"
      },
      {
        "version": "1.0.15",
        "status": "affected"
      },
      {
        "version": "1.0.16",
        "status": "affected"
      },
      {
        "version": "1.0.17",
        "status": "affected"
      },
      {
        "version": "1.0.18",
        "status": "affected"
      },
      {
        "version": "1.0.19",
        "status": "affected"
      },
      {
        "version": "1.0.20",
        "status": "affected"
      },
      {
        "version": "1.0.21",
        "status": "affected"
      },
      {
        "version": "1.0.22",
        "status": "affected"
      }
    ],
    "modules": [
      "Web Management Interface"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/waiwai24/0101/blob/main/CVEs/Blink/Plaintext_Password_Leakage_in_the_Web_Management_Interface_of_BL-AC3600_Routers.md
github	www.github.com/waiwai24/0101/blob/main/CVEs/Blink/Plaintext_Password_Leakage_in_the_Web_Management_Interface_of_BL-AC3600_Routers.md

Parameter	Position	Path	Description	CWE
Password	query param	/cgi-bin/lighttpd.cgi	Manipulation of the Password argument in geteasycfg leads to information disclosure.	CWE-284, CWE-200, CWE-522

17 Jun 2026 10:05Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.15.3 - 7.5

CVSS 25

CVSS 46.9

CVSS 35.3

EPSS0.0062

SSVC

cve-2025-7565 lb-link bl-ac3600 information disclosure remote attack web management interface