GCVE - cpe:2.3:o:lb-link:ac1900_firmware:1.0.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:lb-link:ac1900_firmware:1.0.2:*:*:*:*:*:*:*

part: o version: 1.0.2 update: *

Vendor	Lb Link (`c4849bfd-1224-5f4c-8b14-44a0ede55748`)
Product	Ac1900 Firmware (`d76f7bee-4c6b-539f-a484-caba581105b4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-1610`	vulnerable	2026-06-03 14:59:05.876438	LB-LINK AC1900 Router set_blacklist websGetVar os command injection MEDIUM (6.3) A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of the file /goform/set_blacklist. The manipulation of the argument mac/enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-02-24T01:31:04.610Z Updated: 2025-02-24T11:48:52.997Z Open on db.gcve.eu Reference links https://vuldb.com/?id.296600 https://vuldb.com/?ctiid.296600 https://vuldb.com/?submit.501024 https://noisy-caravel-a9a.notion.site/LBLINK_AC1900_V1-0-2_-set_blacklist-_-bs_SetMacBlack-_CI-179898c94eac802b9451fcb79aa668c3?pvs=74	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1609`	vulnerable	2026-06-03 14:59:05.876009	LB-LINK AC1900 Router set_cmd websGetVar os command injection MEDIUM (6.3) A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-02-24T01:00:10.512Z Updated: 2025-02-24T11:50:41.298Z Open on db.gcve.eu Reference links https://vuldb.com/?id.296599 https://vuldb.com/?ctiid.296599 https://vuldb.com/?submit.501023 https://noisy-caravel-a9a.notion.site/LBLINK_AC1900_V1-0-2_-set_cmd-_-bs_SetCmd-_CI-179898c94eac808e8875e0b8e1bee47e?pvs=74	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1608`	vulnerable	2026-06-03 14:59:05.873931	LB-LINK AC1900 Router set_manpwd websGetVar os command injection MEDIUM (6.3) A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-02-24T00:31:07.007Z Updated: 2025-02-24T11:52:05.400Z Open on db.gcve.eu Reference links https://vuldb.com/?id.296598 https://vuldb.com/?ctiid.296598 https://vuldb.com/?submit.501022 https://noisy-caravel-a9a.notion.site/LBLINK_AC1900_V1-0-2_-set_manpwd-_-bl_do_system-_CI-179898c94eac81b9bf56c1f64db77e2d?pvs=74	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.