30 matches found

CVE
added 2026/03/16 8:2 a.m. · 8 views

CVE-2026-4228

CVE-2026-4228 affects LB-LINK BL-WR9000 running 2.4.9, with the vulnerable code path in the function at /goform/set_wifi (sub_458754). The manipulation enables a remote command injection, and the exploit is publicly available. Multiple sources (NVD, Red Hat, EUVD, CVE listing, and third-party fee...

9.8 CVSS · 6.4 AI score · 0.00412 EPSS
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2026/03/16 12:0 a.m. · 2 views

PT-2026-25638

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about...

6.5 CVSS · 5.6 AI score · 0.00412 EPSS
Exploits 1 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-23279

Malicious code in bioql PyPI...

6.1 CVSS · 6.6 AI score · 0.00476 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-4384

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00366 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/09/11 12:16 a.m. · 9 views

CVE-2025-57278

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...

8.8 CVSS · 6.9 AI score · 0.00058 EPSS
Exploits 1 · References 1
CNNVD
added 2025/09/09 12:0 a.m. · 1 views

LB-Link BL-CPE300M AX300 4G LTE Router Security Vulnerability

LB-Link BL-CPE300M AX300 4G LTE Router is a router from China Bilink LB-Link. A security vulnerability exists in the LB-Link BL-CPE300M AX300 4G LTE Router that stems from improper session handling, which could lead to authentication bypass...

8.8 CVSS · 6.8 AI score · 0.00058 EPSS
Exploits 1 · References 3
CVE
added 2025/09/09 12:0 a.m. · 15 views

CVE-2025-57278

LB-Link LB-CPE300M AX300 4G router (firmware BL-R8800_B10_ALK_SL_V01.01.02P42U14_06) has improper session handling, enabling authentication bypass by reusing a previously authenticated IP address. There are no session tokens, cookies, or unique identifiers, allowing full admin access when an atta...

8.8 CVSS · 6.4 AI score · 0.00058 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2025/09/09 12:0 a.m. · 5 views

CVE-2025-57278

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...

0.00058 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/08/02 8:23 p.m. · 4 views

CVE-2025-51569

A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U14_06 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to...

6.1 CVSS · 5.5 AI score · 0.00476 EPSS
Exploits 0 · References 1
NVD
added 2025/07/31 3:15 p.m. · 2 views

CVE-2025-51569

A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U14_06 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to...

6.1 CVSS · 0.00476 EPSS
Exploits 0 · References 2
CVE
added 2025/07/31 12:0 a.m. · 13 views

CVE-2025-51569

CVE-2025-51569 describes a cross-site scripting (XSS) vulnerability in the LB-Link BL-CPE300M web interface. The issue stems from the endpoint /goform/goform_get_cmd_process, where input in the cmd parameter is not properly sanitized before being reflected into a text/html response, enabling an a...

6.1 CVSS · 5.6 AI score · 0.00476 EPSS
Exploits 0 · References 2
CNNVD
added 2025/07/31 12:0 a.m. · 1 views

LB-Link BL-CPE300M Security Vulnerability

LB-Link BL-CPE300M is a router device from China Bilink LB-Link. A security vulnerability exists in the LB-Link BL-CPE300M version 01.01.02P42U14_06, which stems from a cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...

6.1 CVSS · 6.2 AI score · 0.00476 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/07/31 12:0 a.m. · 4 views

PT-2025-31550 · Lb Link · Lb-Link Bl-Cpe300M

Name of the Vulnerable Software and Affected Versions: LB-Link BL-CPE300M version 01.01.02P42U14_06. Description: A cross-site scripting (XSS) vulnerability exists in the web interface of the router. The /goform/goform_get_cmd_process API endpoint fails to sanitize user input in the cmd parameter...

6.1 CVSS · 5.6 AI score · 0.00476 EPSS
Exploits 0 · References 6
Cvelist
added 2025/07/31 12:0 a.m. · 8 views

CVE-2025-51569

A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U14_06 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to...

0.00476 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2025/06/23 12:0 a.m. · 1 views

A vulnerability in the firmware of the LB-LINK BL-W1210M router, related to the unencrypted storage of critical information, allows an intruder to gain unauthorized access to protected information.

The vulnerability in the firmware of the LB-LINK BL-W1210M router lies in the unencrypted storage of critical information. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to the protected information...

10 CVSS · 5.5 AI score · 0.00158 EPSS
Exploits 1 · References 3 · Affected Software 1
BDU FSTEC
added 2025/06/23 12:0 a.m. · 1 views

A vulnerability in the websGetVar function in the /goform/set_cmd file of the LB-LINK router firmware allows an attacker to gain full control over the device.

The vulnerability in the websGetVar function in the /goform/set_cmd file of the LB-LINK router firmware exists because special elements used in an operating system command are not neutralized. Exploiting this vulnerability can allow a malicious actor to gain full...

6.5 CVSS · 6.5 AI score · 0.00938 EPSS
Exploits 1 · References 5 · Affected Software 1
BDU FSTEC
added 2025/06/23 12:0 a.m. · 1 views

A vulnerability in the websGetVar function in the /goform/set_blacklist file of the LB-LINK router software allows an attacker to gain full control over the device.

The vulnerability in the websGetVar function in the /goform/set_blacklist file of the LB-LINK router firmware exists due to the lack of measures to neutralize special elements used in an operating system command. Exploiting this vulnerability can allow a remote attacker to gain ful...

6.5 CVSS · 6.9 AI score · 0.00366 EPSS
Exploits 1 · References 5 · Affected Software 1
BDU FSTEC
added 2025/06/18 12:0 a.m. · 1 views

A vulnerability in the bs_setCmd() function in the libshare-0.0.26.so library of the LB-LINK router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the bs_setCmd function in the libshare-0.0.26.so library of the LB-LINK router software lies in the failure to sanitize data at the control level when processing the cmd parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...

10 CVSS · 5.9 AI score · 0.13302 EPSS
Exploits 1 · References 2 · Affected Software 9
BDU FSTEC
added 2025/06/18 12:0 a.m. · 1 views

A vulnerability in the bs_SetMacBlack() function in the libshare-0.0.26.so library of the LB-LINK router software allows an attacker to execute arbitrary commands.

The vulnerability in the bs_SetMacBlack function in the libshare-0.0.26.so library of the LB-LINK router software is related to the lack of data sanitization at the control level when processing the mac parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

10 CVSS · 5.9 AI score · 0.13302 EPSS
Exploits 1 · References 2 · Affected Software 8
BDU FSTEC
added 2025/06/18 12:0 a.m. · 2 views

A vulnerability in the bs_SetSSIDHide() function in the libshare-0.0.26.so library of the LB-LINK router software allows an attacker to execute arbitrary commands.

The vulnerability in the bs_SetSSIDHide function in the libshare-0.0.26.so library of the LB-LINK router software is related to the lack of measures taken at the management level during the processing of the enable parameter. Exploiting this vulnerability allows a remote attacker to execute...

10 CVSS · 5.9 AI score · 0.34666 EPSS
Exploits 1 · References 2 · Affected Software 8