Approved changes feed: RSS · Atom
cpe:2.3:a:lb-link:bl-ac3600:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Lb Link (c4849bfd-1224-5f4c-8b14-44a0ede55748) |
|---|---|
| Product | Bl Ac3600 (6183efe3-65ce-5966-9cb9-af6fccc08b13) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-7574 |
vulnerable | 2026-06-03 15:13:40.442597 |
LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication
CRITICAL (9.8)
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-07-14T05:02:05.631Z
Updated: 2025-07-14T13:59:10.244Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-7573 |
vulnerable | 2026-06-03 15:13:40.441633 |
LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure
MEDIUM (5.3)
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This issue affects the function bs_GetManPwd in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-07-14T04:44:05.217Z
Updated: 2025-07-14T14:00:44.215Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-7572 |
vulnerable | 2026-06-03 15:13:40.434653 |
LB-LINK BL-WR9000 lighttpd.cgi bs_GetHostInfo information disclosure
MEDIUM (5.3)
A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-07-14T04:32:06.275Z
Updated: 2025-07-14T13:20:49.491Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-7565 |
vulnerable | 2026-06-03 15:13:40.407976 |
LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure
MEDIUM (5.3)
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-07-14T02:44:05.555Z
Updated: 2025-07-14T14:01:09.770Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-7564 |
vulnerable | 2026-06-03 15:13:40.402274 |
LB-LINK BL-AC3600 shadow hard-coded credentials
HIGH (7.8)
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-07-14T02:32:05.381Z
Updated: 2025-07-14T14:47:58.385Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-4076 |
vulnerable | 2026-06-03 15:01:46.705168 |
LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection
MEDIUM (6.3)
A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-04-29T18:00:06.757Z
Updated: 2025-04-29T18:52:45.489Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.