Vulnerability Details CVE-2023-26801
LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.267
EPSS Ranking 96.1%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/winmt/my-vuls/tree/main/LB-LINK%20BL-AC1900%2C%20BL-WR9000%2C%20BL-X26%20and%20BL-LTE300%20Wireless%20Routers
- https://www.akamai.com/blog/security-research/cve-2023-26801-exploited-spreading-mirai-botnet
- https://github.com/winmt/my-vuls/tree/main/LB-LINK%20BL-AC1900%2C%20BL-WR9000%2C%20BL-X26%20and%20BL-LTE300%20Wireless%20Routers
Products affected by CVE-2023-26801
-
cpe:2.3:h:lb-link:bl-ac1900:2.0
-
cpe:2.3:h:lb-link:bl-lte300:-
-
cpe:2.3:h:lb-link:bl-wr9000:-
-
cpe:2.3:h:lb-link:bl-x26:-
-
cpe:2.3:o:lb-link:bl-ac1900_firmware:1.0.1
-
cpe:2.3:o:lb-link:bl-lte300_firmware:1.0.8
-
cpe:2.3:o:lb-link:bl-wr9000_firmware:2.4.9
-
cpe:2.3:o:lb-link:bl-x26_firmware:1.2.5