6 matches found
CVE-2025-9580
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9579
A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...
CVE-2025-9580
CVE-2025-9580 affects LB-LINK BL-X26 v1.2.8. The vulnerability lies in the HTTP Handler’s /goform/set_blacklist where manipulating the mac argument enables OS command injection. Exploitation is possible remotely and publicly disclosed; at least one advisory notes exploitation and lack of vendor r...
CVE-2025-9579 LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection
A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...
PT-2025-35131
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-X26 version 1.2.8 Description: A security issue has been identified in LB-LINK BL-X26 version 1.2.8 related to the HTTP Handler component. Manipulation of the mac argument in the /goform/set blacklist file can lead to os command...
VulnCheck KEV: CVE-2023-26801
LB-LINK BL-AC19002.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/setLimitClientcfg...