Lucene search
K

177 matches found

CNNVD
CNNVD
added 2025/07/31 12:0 a.m.5 views

LB-Link BL-CPE300M 安全漏洞

LB-Link BL-CPE300M is a router device from China Bilink LB-Link. A security vulnerability exists in the LB-Link BL-CPE300M version 01.01.02P42U1406, which stems from a cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...

6.1CVSS6.2AI score0.00252EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/16 3:2 a.m.4 views

CVE-2025-7564

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...

8.5CVSS7AI score0.00215EPSS
Exploits1References1
NVD
NVD
added 2025/07/14 3:15 a.m.7 views

CVE-2025-7564

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...

8.5CVSS0.00215EPSS
Exploits1References5
CVE
CVE
added 2025/07/14 2:44 a.m.31 views

CVE-2025-7565

LB-LINK BL-AC3600 Web Management Interface (lighttpd.cgi geteasycfg) up to version 1.0.22 is affected. The vulnerability stems from improper handling of the Password argument in /cgi-bin/lighttpd.cgi, enabling information disclosure. Attacks can be initiated remotely and the exploit has been publ...

7.5CVSS5.2AI score0.0062EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/07/14 2:32 a.m.22 views

CVE-2025-7564

CVE-2025-7564 affects LB-LINK BL-AC3600 (firmware 1.0.22). The issue is a local-access vulnerability impacting an unknown function in /etc/shadow, where input manipulation of root:blinkadmin leads to hard-coded credentials exposure. Exploitation is locally feasible with the vulnerability describe...

8.5CVSS7.5AI score0.00215EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/07/14 2:32 a.m.10 views

CVE-2025-7564 LB-LINK BL-AC3600 shadow hard-coded credentials

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...

8.5CVSS0.00215EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/07/14 2:32 a.m.2 views

CVE-2025-7564 LB-LINK BL-AC3600 shadow hard-coded credentials

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...

8.5CVSS6.9AI score0.00215EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2025/07/02 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-29063

An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/sethidessidcfg is not handled properly...

9.8CVSS6.2AI score0.01003EPSS
In wildExploits1References156
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.2 views

PT-2025-29411 · Lb Link · Lb-Link Bl-Ac3600

Name of the Vulnerable Software and Affected Versions: LB-LINK BL-AC3600 version 1.0.22 Description: A critical vulnerability exists in LB-LINK BL-AC3600 version 1.0.22. The issue affects some unknown functionality of the file /etc/shadow. Manipulation of the input root:blinkadmin leads to the...

8.5CVSS7.5AI score0.00215EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.5 views

PT-2025-29412 · Lb Link · Lb-Link Bl-Ac3600

Name of the Vulnerable Software and Affected Versions: LB-LINK BL-AC3600 versions up to 1.0.22 Description: A critical issue exists in the Web Management Interface component of LB-LINK BL-AC3600. The geteasycfg function within the /cgi-bin/lighttpd.cgi file is susceptible to information disclosur...

7.5CVSS5AI score0.0062EPSS
Exploits1References10
OSV
OSV
added 2025/06/13 12:15 p.m.5 views

CVE-2025-45985

Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bsSetSSIDHide function...

9.8CVSS5.8AI score0.07116EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.4 views

CVE-2024-33374

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication...

9.8CVSS6.9AI score0.00539EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.4 views

CVE-2024-33373

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack...

6.3CVSS6.9AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:3 a.m.4 views

CVE-2024-33375

LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware...

9.8CVSS7.2AI score0.00619EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:58 a.m.11 views

CVE-2024-33377

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page...

8.1CVSS7.4AI score0.00442EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:21 a.m.6 views

CVE-2024-51431

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...

9.8CVSS5.8AI score0.00561EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/01 7:7 p.m.13 views

CVE-2025-4076

A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easyucisetoptionstring0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to...

6.5CVSS7.4AI score0.01921EPSS
Exploits0References1
NVD
NVD
added 2025/04/29 6:15 p.m.21 views

CVE-2025-4076

A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easyucisetoptionstring0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to...

6.5CVSS0.01921EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/29 6:0 p.m.9 views

CVE-2025-4076 LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection

A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easyucisetoptionstring0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to...

6.5CVSS6.9AI score0.01921EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/29 6:0 p.m.23 views

CVE-2025-4076 LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection

A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easyucisetoptionstring0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to...

6.5CVSS0.01921EPSS
Exploits0References5
Rows per page
Query Builder