CNNVD-202507-1831 Information
CNNVD ID
CNNVD-202507-1831
Related CVE
- CNNVD Published: 2025-07-14
Description (Chinese)
LB-LINK BL-AC1900等都是中国必联(LB-LINK)公司的产品。LB-LINK BL-AC1900是一款无线路由器。LB-LINK BL-AC3600是一款双频千兆无线路由器,支持2.4GHz和5GHz频段,适用于家庭和小型办公室网络。LB-LINK AC2100_AZ3是一款路由器。 LB-LINK多款产品存在安全漏洞,该漏洞源于文件/cgi-bin/lighttpd.cgi中函数bs_GetManPwd的错误操作导致信息泄露。以下产品及版本受到影响:BL-AC1900、BL-AC2100_AZ3、BL-AC3600、BL-AX1800、BL-AX5400P和BL-WR9000 20250702及之前版本。
Description (English)
LB-LINK BL-AC1900 and others are products of the Federation of China (LB-LINK). LB-LINK BL-AC1900 is a wireless router. LB-LINK BL-AC3600 is a double-frequency gigabyte-wireless router that supports 2.4 GHz and 5 GHz bands, which are applicable to family and small office networks. LB-LINK AC 2100 AZ3 is a router. There is a safety loophole in LB-LINK multi-products, which stems from the error in the document/cgi-bin/lighttpd.cgi function bs GetManPwd leading to the leak of information. The following products and versions were affected: BL-AC1900, BL-AC 210000 AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR90000 20250702 and previous versions.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
必联
Published
2025-07-14
Last Modified
2026-02-24
References
https://vuldb.com/?id.316271 https://vuldb.com/?submit.608010 https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Web_Interface_Login_Credential_Disclosure_Risk_in_Various_Blink_Router_Models.md#poc https://vuldb.com/?ctiid.316271 https://access.redhat.com/security/cve/cve-2025-7573
Share on: