CNNVD-202507-1819 Information

Jul 14, 2025 cve

CNNVD ID

CNNVD-202507-1819

CVE-2025-7565

CNNVD Published: 2025-07-14

Description (Chinese)

LB-LINK BL-AC3600是中国必联（LB-LINK）公司的一款双频千兆无线路由器，支持2.4GHz和5GHz频段，适用于家庭和小型办公室网络。 LB-LINK BL-AC3600 1.0.22及之前版本存在访问控制错误漏洞，该漏洞源于文件/cgi-bin/lighttpd.cgi中参数Password操作不当，可能导致信息泄露。

Description (English)

LB-LINK BL-AC3600 is a dual-frequency gigabyte-wireless router of the company LB-LINK, which supports 2.4 GHz and 5 GHz bands and applies to family and small office networks. The LB-LINK BL-AC3600 1.0.22 and previous versions have access control error holes that stem from the inappropriate operation of the parameter Password in file/cgi-bin/lighttpd.cgi, which may lead to the disclosure of information.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

必联

Published

2025-07-14

Last Modified

2026-02-24

References

https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Plaintext_Password_Leakage_in_the_Web_Management_Interface_of_BL-AC3600_Routers.md https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Plaintext_Password_Leakage_in_the_Web_Management_Interface_of_BL-AC3600_Routers.md#poc https://vuldb.com/?ctiid.316263 https://vuldb.com/?id.316263 https://vuldb.com/?submit.605632

Share on: