177 matches found
LB-Link BL-CPE300M 安全漏洞
LB-Link BL-CPE300M is a router device from China Bilink LB-Link. A security vulnerability exists in the LB-Link BL-CPE300M version 01.01.02P42U1406, which stems from a cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...
CVE-2025-7564
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...
CVE-2025-7564
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...
CVE-2025-7565
LB-LINK BL-AC3600 Web Management Interface (lighttpd.cgi geteasycfg) up to version 1.0.22 is affected. The vulnerability stems from improper handling of the Password argument in /cgi-bin/lighttpd.cgi, enabling information disclosure. Attacks can be initiated remotely and the exploit has been publ...
CVE-2025-7564
CVE-2025-7564 affects LB-LINK BL-AC3600 (firmware 1.0.22). The issue is a local-access vulnerability impacting an unknown function in /etc/shadow, where input manipulation of root:blinkadmin leads to hard-coded credentials exposure. Exploitation is locally feasible with the vulnerability describe...
CVE-2025-7564 LB-LINK BL-AC3600 shadow hard-coded credentials
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...
CVE-2025-7564 LB-LINK BL-AC3600 shadow hard-coded credentials
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...
VulnCheck KEV: CVE-2025-29063
An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/sethidessidcfg is not handled properly...
PT-2025-29411 · Lb Link · Lb-Link Bl-Ac3600
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-AC3600 version 1.0.22 Description: A critical vulnerability exists in LB-LINK BL-AC3600 version 1.0.22. The issue affects some unknown functionality of the file /etc/shadow. Manipulation of the input root:blinkadmin leads to the...
PT-2025-29412 · Lb Link · Lb-Link Bl-Ac3600
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-AC3600 versions up to 1.0.22 Description: A critical issue exists in the Web Management Interface component of LB-LINK BL-AC3600. The geteasycfg function within the /cgi-bin/lighttpd.cgi file is susceptible to information disclosur...
CVE-2025-45985
Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bsSetSSIDHide function...
CVE-2024-33374
Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication...
CVE-2024-33373
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack...
CVE-2024-33375
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware...
CVE-2024-33377
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page...
CVE-2024-51431
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...
CVE-2025-4076
A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easyucisetoptionstring0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to...
CVE-2025-4076
A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easyucisetoptionstring0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to...
CVE-2025-4076 LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection
A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easyucisetoptionstring0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to...
CVE-2025-4076 LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection
A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easyucisetoptionstring0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to...