CNNVD-202507-1829 Information
CNNVD ID
CNNVD-202507-1829
Related CVE
- CNNVD Published: 2025-07-14
Description (Chinese)
LB-LINK BL-AC1900等都是中国必联(LB-LINK)公司的产品。LB-LINK BL-AC1900是一款无线路由器。LB-LINK BL-AC3600是一款双频千兆无线路由器,支持2.4GHz和5GHz频段,适用于家庭和小型办公室网络。LB-LINK AC2100_AZ3是一款路由器。 LB-LINK多款产品存在访问控制错误漏洞,该漏洞源于文件/cgi-bin/lighttpd.cgi中函数bs_GetHostInfo的错误操作导致信息泄露。以下产品及版本受到影响:BL-AC1900、BL-AC2100_AZ3、BL-AC3600、BL-AX1800、BL-AX5400P和BL-WR9000 20250702及之前版本。
Description (English)
LB-LINK BL-AC1900 and others are products of the Federation of China (LB-LINK). LB-LINK BL-AC1900 is a wireless router. LB-LINK BL-AC3600 is a double-frequency gigabyte-wireless router that supports 2.4 GHz and 5 GHz bands, which are applicable to family and small office networks. LB-LINK AC 2100 AZ3 is a router. LB-LINK multi-products have access control bugs, which stem from the error in the file/cgi-bin/lighttpd.cgi function bs GetHostInfo that caused the information to be leaked. The following products and versions were affected: BL-AC1900, BL-AC 210000 AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR90000 20250702 and previous versions.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
必联
Published
2025-07-14
Last Modified
2026-02-24
References
https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Information_Exposure_Vulnerabilities_in_Various_Blink_Router_Models.md https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Information_Exposure_Vulnerabilities_in_Various_Blink_Router_Models.md#poc https://vuldb.com/?id.316270 https://vuldb.com/?ctiid.316270 https://vuldb.com/?submit.608009 https://access.redhat.com/security/cve/cve-2025-7572
Share on: