CNNVD-202509-3515 Information

Sep 22, 2025 cve

CNNVD ID

CNNVD-202509-3515

CVE-2025-57685

CNNVD Published: 2025-09-22

Description (Chinese)

LB-Link BL-AC2100_AZ3等都是中国必联（LB-Link）公司的一款无线路由器。 LB-Link多款产品存在安全漏洞，该漏洞源于/goform/set_serial_cfg接口存在未授权命令注入，可能导致远程执行恶意命令。以下产品及版本受到影响：BL-AC2100_AZ3 V1.0.4版本、BL-WR4000 v2.5.0版本、BL-WR9000_AE4 v2.4.9版本、BL-AC1900_AZ2 v1.0.2版本、BL-X26_AC8 v1.2.8版本和BL-LTE300_DA4 V1.2.3版本。

Description (English)

The LB-Link BL-AC 2100 AZ3 and others are all a non-wire router of LB-Link. There is a safety loophole in a number of LB-Link products, which stems from the presence of unauthorized orders into the /goform/set security cfg interface, which may result in the remote execution of malicious orders. The following products and versions were affected: BL-AC2100 AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000 AE4 v2.4.9, BL-AC1900 AZ2 v1.0.2, BL-X26 AC8 v1.2.8 and BL-LTE300 DA4 V1.2.3.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

网御星云

Published

2025-09-22

Last Modified

2026-02-24

References

https://www.b-link.net.cn/ http://bl-ac2100.com https://github.com/mono7s/LB-Link/blob/main/bs_SetSerial.md https://access.redhat.com/security/cve/cve-2025-57685

Share on: