← Back

Lb Link

lb-link

18 CVEs • 20 products

Products (20)

Click to collapse
Toggle
Bl Wr9000 Firmware
bl-wr9000_firmware
4 CVEs
Bl W1210m Firmware
bl-w1210m_firmware
3 CVEs
Ac1900 Firmware
ac1900_firmware
3 CVEs
Bl Ac2100 Firmware
bl-ac2100_firmware
3 CVEs
Bl X26 Firmware
bl-x26_firmware
2 CVEs
Bl Ac3600 Firmware
bl-ac3600_firmware
2 CVEs
Bl Lte300 Firmware
bl-lte300_firmware
1 CVE
Bl Ac1900 Firmware
bl-ac1900_firmware
1 CVE
Bl Wr1300h Firmware
bl-wr1300h_firmware
1 CVE
Bl Cpe300m Firmware
bl-cpe300m_firmware
1 CVE
Bl Lte300
bl-lte300
0 CVEs
Bl X26
bl-x26
0 CVEs
Bl Wr9000
bl-wr9000
0 CVEs
Bl Ac1900
bl-ac1900
0 CVEs
Bl W1210m
bl-w1210m
0 CVEs
Bl Wr1300h
bl-wr1300h
0 CVEs
Ac1900
ac1900
0 CVEs
Bl Ac2100
bl-ac2100
0 CVEs
Bl Ac3600
bl-ac3600
0 CVEs
Bl Cpe300m
bl-cpe300m
0 CVEs

CVEs (18)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-4228
1Lb Link
1Bl Wr9000 Firmware
Apr 29, 2026
Mar 16, 2026
2.1 LOW· v4
9.8 CRITICAL· v3
6.5 MEDIUM· v2
A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The...Show more
A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2026-4227
1Lb Link
1Bl Wr9000 Firmware
Mar 20, 2026
Mar 16, 2026
7.4 HIGH· v4
7.5 HIGH· v3
9.0 HIGH· v2
A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. It is possible to in...Show more
A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2026-4226
1Lb Link
1Bl Wr9000 Firmware
Mar 20, 2026
Mar 16, 2026
7.4 HIGH· v4
9.8 CRITICAL· v3
9.0 HIGH· v2
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack...Show more
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-10773
1Lb Link
1Bl Ac2100 Firmware
Sep 30, 2025
Sep 22, 2025
7.4 HIGH· v4
8.8 HIGH· v3
9.0 HIGH· v2
A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Affected by this issue is the function delshrpath of the file /goform/set_delshrpath_cfg of the component Web Management Interface. The manipulation of...Show more
A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Affected by this issue is the function delshrpath of the file /goform/set_delshrpath_cfg of the component Web Management Interface. The manipulation of the argument Type results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-57278
1Lb Link
1Bl Cpe300m Firmware
Oct 10, 2025
Sep 9, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants acce...Show more
The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or verifying client identity. There are no session tokens, cookies, or unique identifiers in place. This flaw allows an attacker to obtain full administrative access simply by configuring their device to use the same IP address as a previously authenticated user. This results in a complete authentication bypass.Show less
CVE-2025-9580
1Lb Link
1Bl X26 Firmware
Apr 29, 2026
Aug 28, 2025
2.1 LOW· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os comm...Show more
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-7565
1Lb Link
1Bl Ac3600 Firmware
Jul 17, 2025
Jul 14, 2025
5.5 MEDIUM· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipu...Show more
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-7564
1Lb Link
1Bl Ac3600 Firmware
Apr 29, 2026
Jul 14, 2025
7.1 HIGH· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin...Show more
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-29063
1Lb Link
1Bl Ac2100 Firmware
Apr 29, 2025
Apr 2, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly.
CVE-2025-29062
1Lb Link
1Bl Ac2100 Firmware
Apr 29, 2025
Apr 2, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice.
CVE-2025-1610
1Lb Link
1Ac1900 Firmware
Nov 4, 2025
Feb 24, 2025
5.3 MEDIUM· v4
9.8 CRITICAL· v3
6.5 MEDIUM· v2
A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of the file /goform/set_blacklist. The manipulation of the argument mac/enable leads...Show more
A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of the file /goform/set_blacklist. The manipulation of the argument mac/enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-1609
1Lb Link
1Ac1900 Firmware
Nov 4, 2025
Feb 24, 2025
5.3 MEDIUM· v4
9.8 CRITICAL· v3
6.5 MEDIUM· v2
A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads...Show more
A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-1608
1Lb Link
1Ac1900 Firmware
Nov 4, 2025
Feb 24, 2025
5.3 MEDIUM· v4
9.8 CRITICAL· v3
6.5 MEDIUM· v2
A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd  leads to os comm...Show more
A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd  leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-51431
1Lb Link
1Bl Wr1300h Firmware
Nov 5, 2024
Nov 1, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.
CVE-2024-33373
1Lb Link
1Bl W1210m Firmware
Jun 6, 2025
Jun 14, 2024
N/A· v4
6.3 MEDIUM· v3
N/A· v2
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via...Show more
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack.Show less
CVE-2024-33377
1Lb Link
1Bl W1210m Firmware
May 30, 2025
Jun 14, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on th...Show more
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page.Show less
CVE-2024-33375
1Lb Link
1Bl W1210m Firmware
May 30, 2025
Jun 14, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware.
CVE-2023-26801
1Lb Link
4Bl Ac1900 Firmware
Bl Lte300 FirmwareBl Wr9000 Firmware+1 more
May 5, 2025
Mar 26, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform...Show more
LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg.Show less