228 matches found
PT-2024-25223 · Lb Link · Lb-Link Bl-W1210M
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-W1210M version 2.0 Description: A clickjacking issue was discovered via the Administrator login page. Attackers can cause victim users to perform arbitrary operations by interacting with crafted elements on the web page...
CVE-2024-33374
CVE-2024-33374 affects the LB-LINK BL-W1210M v2.0 router. The issue is an incorrect access control in the UART/Serial interface that allows attackers to reach the root terminal without authentication. The CVSS base score is 9.8 (CRITICAL) with NETWORK attack vector, low complexity, no privileges ...
LB-LINK BL-W1210M Security Breach
LB-LINK BL-W1210M is a wireless router from China Bilink LB-LINK. A security vulnerability exists in LB-LINK BL-W1210M v2.0, which stems from incorrect access control...
LB-LINK BL-W1210M Security Breach
LB-LINK BL-W1210M is a wireless router from China Bilink LB-LINK. A security vulnerability exists in LB-LINK BL-W1210M version v2.0, which originates from storing user credentials in plain text...
PT-2024-25220 · Lb Link · Lb-Link Bl-W1210M
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-W1210M version 2.0 Description: An issue in the LB-LINK BL-W1210M router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This can allow attackers to access the router v...
CVE-2024-33373
The CVE-2024-33373 issue affects LB-LINK BL-W1210M v2.0 routers. The vulnerability allows bypassing password complexity requirements and setting single-digit passwords, enabling brute-force access to the device. Public documents consistently reference the router model and the authentication weakn...
CVE-2024-33374
Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication...
CVE-2024-33373
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack...
CVE-2024-33375
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware...
CVE-2024-33377
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page...
PT-2024-25221 · Lb Link · Lb-Link Bl-W1210M
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-W1210M version 2.0 Description: The issue is related to incorrect access control in the UART/Serial interface, allowing attackers to access the root terminal without authentication. This enables unauthorized access to the system...
CVE-2024-33377
LB-LINK BL-W1210M v2.0 is affected by a clickjacking vulnerability on the Administrator login page. The root cause is a UI‑level clickjack surface that can cause victims to perform arbitrary actions via crafted elements. Exploitation details and a formal fix/version are not provided across the co...
CVE-2024-33374
Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication...
CVE-2024-33373
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack...
PT-2024-25222 · Lb Link · Lb-Link Bl-W1210M
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-W1210M version 2.0 Description: The issue concerns the storage of user credentials in plaintext within the router's firmware. This means that sensitive information, such as usernames and passwords, is not encrypted and can be easil...
Command injection
LB-LINK BL-AC19002.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/setLimitClientcfg...
CVE-2023-26801
LB-LINK BL-AC19002.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/setLimitClientcfg...
CVE-2023-26801
LB-LINK BL-AC19002.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/setLimitClientcfg. Recent assessments: Assessed Attacker Value: 0 Assessed...
CVE-2023-26801
LB-LINK BL-AC19002.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/setLimitClientcfg...
PT-2023-2961
Name of the Vulnerable Software and Affected Versions LB-LINK BL-AC1900 2.0 version 1.0.1 LB-LINK BL-WR9000 version 2.4.9 LB-LINK BL-X26 version 1.2.5 LB-LINK BL-LTE300 version 1.0.8 Description The issue is related to a command injection vulnerability via the mac, time1, and time2 parameters at...