191 matches found
EUVD-2025-4391
Malicious code in bioql PyPI...
EUVD-2025-23279
Malicious code in bioql PyPI...
CVE-2025-57685
The LB-Link routers, including the BL-AC2100AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000AE4 v2.4.9, BL-AC1900AZ2 v1.0.2, BL-X26AC8 v1.2.8, and BL-LTE300DA4 V1.2.3 models, are vulnerable to unauthorized command injection. Attackers can exploit this vulnerability by accessing the /goform/setserialcfg...
PT-2025-39007
The LB-Link routers, including the BL-AC2100 AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000 AE4 v2.4.9, BL-AC1900 AZ2 v1.0.2, BL-X26 AC8 v1.2.8, and BL-LTE300 DA4 V1.2.3 models, are vulnerable to unauthorized command injection. Attackers can exploit this vulnerability by accessing the /goform/set serial...
LB-LINK BL-AC2100 安全漏洞
LB-LINK BL-AC2100 is a wireless Wi-Fi 6 router from China Bilink LB-LINK. A security vulnerability exists in LB-LINK BL-AC2100 1.0.3 and earlier versions, which originates from the improper handling of parameter Type in the delshrpath function of the /goform/setdelshrpathcfg file in the Web...
CVE-2025-57685
The CVE-2025-57685 issue affects LB-Link routers including BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8 v1.2.8, and BL-LTE300_DA4 V1.2.3. According to the provided sources, the vulnerability is an unauthorized command injection via the /goform/set...
CVE-2025-57278
The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800B10ALKSLV01.01.02P42U1406 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...
LB-Link BL-CPE300M AX300 4G LTE Router 安全漏洞
LB-Link BL-CPE300M AX300 4G LTE Router is a router from China Bilink LB-Link. A security vulnerability exists in the LB-Link BL-CPE300M AX300 4G LTE Router that stems from improper session handling, which could lead to authentication bypass...
CVE-2025-57278
The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800B10ALKSLV01.01.02P42U1406 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...
CVE-2025-57278
LB-Link LB-CPE300M AX300 4G router (firmware BL-R8800_B10_ALK_SL_V01.01.02P42U14_06) has improper session handling, enabling authentication bypass by reusing a previously authenticated IP address. There are no session tokens, cookies, or unique identifiers, allowing full admin access when an atta...
CVE-2025-9580
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9579
A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...
CVE-2025-9579
A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...
CVE-2025-9580
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9580
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9579
A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...
CVE-2025-9580 LB-LINK BL-X26 HTTP set_blacklist os command injection
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9580 LB-LINK BL-X26 HTTP set_blacklist os command injection
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9580
CVE-2025-9580 affects LB-LINK BL-X26 v1.2.8. The vulnerability lies in the HTTP Handler’s /goform/set_blacklist where manipulating the mac argument enables OS command injection. Exploitation is possible remotely and publicly disclosed; at least one advisory notes exploitation and lack of vendor r...
CVE-2025-9579 LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection
A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...