CVE-2026-4228

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub458754 of the file /goform/setwifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about th...

CVE-2026-4226

A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub44E8D0 of the file /goform/getvirtualcfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public...

CVE-2026-4228

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub458754 of the file /goform/setwifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about th...

CVE-2026-4226

A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub44E8D0 of the file /goform/getvirtualcfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public...

CVE-2026-4227

A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub44D844 of the file /goform/gethidessidcfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be...

CVE-2026-4228

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub458754 of the file /goform/setwifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about th...

CVE-2026-4228 LB-LINK BL-WR9000 set_wifi sub_458754 command injection

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub458754 of the file /goform/setwifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about th...

CVE-2026-4227 LB-LINK BL-WR9000 get_hidessid_cfg sub_44D844 buffer overflow

A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub44D844 of the file /goform/gethidessidcfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be...

CVE-2026-4227

LB-LINK BL-WR9000 (firmware 2.4.9) is affected by a buffer overflow in the function sub_44D844 of /goform/get_hidessid_cfg. The vulnerability enables remote exploitation and has publicly disclosed exploit code. Both CVE records identify the issue and context; no remediation details are provided i...

LB-LINK BL-WR9000 安全漏洞

The LB-LINK BL-WR9000 is a wireless router produced by the LB-LINK company. Version 2.4.9 of the LB-LINK BL-WR9000 contains a security vulnerability. This vulnerability arises from an operation on the function sub44D844 within the file/goform/gethidessidcfg, resulting in a buffer overflow. This...

LB-LINK BL-WR9000 安全漏洞

The LB-LINK BL-WR9000 is a wireless router produced by the LB-LINK company. Version 2.4.9 of the LB-LINK BL-WR9000 contains a security vulnerability. This vulnerability stems from operations on the function sub44E8D0 within the file/goform/getvirtualcfg, which may lead to a stack buffer overflow...

PT-2026-25636

A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub 44E8D0 of the file /goform/get virtual cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the...

LB-LINK BL-WR9000 命令注入漏洞

The LB-LINK BL-WR9000 is a wireless router produced by the LB-LINK company. Version 2.4.9 of the LB-LINK BL-WR9000 contains a command injection vulnerability. This vulnerability arises from operations on the function sub458754 in the file/goform/setwifi, which allows for command injection,...

CVE-2025-45985

Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bsSetSSIDHide function...

CVE-2023-26801

CVE-2023-26801 affects LB-LINK BL-AC1900_2.0 v1.0.1, BL-WR9000 v2.4.9, BL-X26 v1.2.5, and BL-LTE300 v1.0.8. The vulnerability is a command injection via the mac, time1, and time2 parameters in /goform/set_LimitClient_cfg. Root cause involves improper input handling in the /goform/set_LimitClient_...

VulnCheck KEV: CVE-2023-26801

LB-LINK BL-AC19002.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/setLimitClientcfg...