Filtered by vendor Lb-link
Subscribe
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7565 | 1 Lb-link | 2 Bl-ac3600, Bl-ac3600 Firmware | 2025-07-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-7564 | 1 Lb-link | 2 Bl-ac3600, Bl-ac3600 Firmware | 2025-07-17 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-33373 | 1 Lb-link | 2 Bl-w1210m, Bl-w1210m Firmware | 2025-06-06 | N/A | 6.3 MEDIUM |
| An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack. | |||||
| CVE-2024-33377 | 1 Lb-link | 2 Bl-w1210m, Bl-w1210m Firmware | 2025-05-30 | N/A | 8.1 HIGH |
| LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page. | |||||
| CVE-2024-33375 | 1 Lb-link | 2 Bl-w1210m, Bl-w1210m Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
| LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware. | |||||
| CVE-2025-29062 | 1 Lb-link | 2 Bl-ac2100, Bl-ac2100 Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice. | |||||
| CVE-2025-29063 | 1 Lb-link | 2 Bl-ac2100, Bl-ac2100 Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly. | |||||
| CVE-2024-51431 | 1 Lb-link | 2 Bl-wr1300h, Bl-wr1300h Firmware | 2024-11-05 | N/A | 9.8 CRITICAL |
| LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable. | |||||