GCVE - cpe:2.3:o:lb-link:bl-ac3600_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:lb-link:bl-ac3600_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Lb Link (`c4849bfd-1224-5f4c-8b14-44a0ede55748`)
Product	Bl Ac3600 Firmware (`cc5f7ff6-1b33-5cd6-92d4-cdcb66558b11`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-7565`	vulnerable	2026-06-03 15:13:40.408125	LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure MEDIUM (5.3) A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-07-14T02:44:05.555Z Updated: 2025-07-14T14:01:09.770Z Open on db.gcve.eu Reference links https://vuldb.com/?id.316263 https://vuldb.com/?ctiid.316263 https://vuldb.com/?submit.605632 https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Plaintext_Password_Leakage_in_the_Web_Management_Interface_of_BL-AC3600_Routers.md https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Plaintext_Password_Leakage_in_the_Web_Management_Interface_of_BL-AC3600_Routers.md#poc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-7564`	vulnerable	2026-06-03 15:13:40.405426	LB-LINK BL-AC3600 shadow hard-coded credentials HIGH (7.8) A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-07-14T02:32:05.381Z Updated: 2025-07-14T14:47:58.385Z Open on db.gcve.eu Reference links https://vuldb.com/?id.316262 https://vuldb.com/?ctiid.316262 https://vuldb.com/?submit.605630 https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Hardcoded_Credentials_in_BL-AC3600_Routers.md https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Hardcoded_Credentials_in_BL-AC3600_Routers.md#poc	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.