GCVE - cpe:2.3:h:lb-link:bl-wr9000:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:lb-link:bl-wr9000:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Lb Link (`c4849bfd-1224-5f4c-8b14-44a0ede55748`)
Product	Bl Wr9000 (`a03c0254-6bb0-5fcb-a244-08ef29b6005f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-4228`	not_vulnerable	2026-06-03 15:26:24.975577	LB-LINK BL-WR9000 set_wifi sub_458754 command injection MEDIUM (6.3) A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-03-16T08:02:10.790Z Updated: 2026-03-16T16:41:59.288Z Open on db.gcve.eu Reference links https://vuldb.com/?id.351151 https://vuldb.com/?ctiid.351151 https://vuldb.com/?submit.771210 https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_wlanpswencry%20command%20injection_EN.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-4227`	not_vulnerable	2026-06-03 15:26:24.975073	LB-LINK BL-WR9000 get_hidessid_cfg sub_44D844 buffer overflow HIGH (8.8) A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-03-16T08:02:08.436Z Updated: 2026-03-16T16:48:52.842Z Open on db.gcve.eu Reference links https://vuldb.com/?id.351150 https://vuldb.com/?ctiid.351150 https://vuldb.com/?submit.771209 https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_HideSSID%20stack%20overflow_EN.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-4226`	not_vulnerable	2026-06-03 15:26:24.974257	LB-LINK BL-WR9000 get_virtual_cfg sub_44E8D0 stack-based overflow HIGH (8.8) A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-03-16T07:32:10.845Z Updated: 2026-03-16T17:06:42.899Z Open on db.gcve.eu Reference links https://vuldb.com/?id.351149 https://vuldb.com/?ctiid.351149 https://vuldb.com/?submit.771207 https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_VirtualRules%20stack%20overflow_EN.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-26801`	not_vulnerable	2026-06-03 14:51:00.375488	Details available LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg. Published: 2023-03-26T00:00:00.000Z Updated: 2025-05-05T16:03:35.752Z Open on db.gcve.eu Reference links https://github.com/winmt/my-vuls/tree/main/LB-LINK%20BL-AC1900%2C%20BL-WR9000%2C%20BL-X26%20and%20BL-LTE300%20Wireless%20Routers https://www.akamai.com/blog/security-research/cve-2023-26801-exploited-spreading-mirai-botnet	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.