We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-7573

LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure



Description

EN DE

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This issue affects the function bs_GetManPwd in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Eine Schwachstelle wurde in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 bis 20250702 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion bs_GetManPwd in der Bibliothek libblinkapi.so der Datei /cgi-bin/lighttpd.cgi. Durch Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-07-13 | Published 2025-07-14 | Updated 2025-07-14 | Assigner VulDB


MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R
MEDIUM: 5.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R
5.0AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR

Problem types

Information Disclosure

Improper Access Controls

Product status

20250702
affected

20250702
affected

20250702
affected

20250702
affected

20250702
affected

20250702
affected

Timeline

2025-07-13:Advisory disclosed
2025-07-13:VulDB entry created
2025-07-13:VulDB entry last update

Credits

waiwai24 (VulDB User) reporter

References

vuldb.com/?id.316271 (VDB-316271 | LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure) vdb-entry technical-description

vuldb.com/?ctiid.316271 (VDB-316271 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.608010 (Submit #608010 | Blink BL-AX5400P V1.0.19、BL-AX1800 V1.0.19、BL-AC3600 V1.0.22、BL-WR9000 V2.4.9、BL-AC1900 V1.0.2、BL-AC2100_AZ3 V1.0.4 BL-AX5400P V1.0.19、BL-AX1800 V1.0.19、BL-AC3600 V1.0.22、BL-WR9000 V2.4.9、BL-AC1900 V1.0.2、BL-AC2100_AZ3 V1.0.4 Informati) third-party-advisory

github.com/...closure_Risk_in_Various_Blink_Router_Models.md related

github.com/...closure_Risk_in_Various_Blink_Router_Models.md exploit

cve.org (CVE-2025-7573)

nvd.nist.gov (CVE-2025-7573)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-7573

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.