PT-2025-36919

Name of the Vulnerable Software and Affected Versions: LB-Link BL-CPE300M AX300 4G LTE Router version BL-R8800 B10 ALK SL V01.01.02P42U14 06 Description: The LB-Link BL-CPE300M AX300 4G LTE Router does not implement proper session handling. After a user authenticates from a specific IP address, t...

CVE-2025-57278

LB-Link LB-CPE300M AX300 4G router (firmware BL-R8800_B10_ALK_SL_V01.01.02P42U14_06) has improper session handling, enabling authentication bypass by reusing a previously authenticated IP address. There are no session tokens, cookies, or unique identifiers, allowing full admin access when an atta...

LB-Link BL-CPE300M 安全漏洞

LB-Link BL-CPE300M is a router device from China Bilink LB-Link. A security vulnerability exists in the LB-Link BL-CPE300M version 01.01.02P42U1406, which stems from a cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...

CVE-2025-51569

A cross-site scripting XSS vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U1406 router's web interface. The /goform/goformgetcmdprocess endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to...