Lb-Link: Security Vulnerabilities
An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice.
CVSS Score
9.8
EPSS Score
0.007
Published
2025-04-02
An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly.
CVSS Score
9.8
EPSS Score
0.006
Published
2025-04-02
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-11-01
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack.
CVSS Score
6.3
EPSS Score
0.002
Published
2024-06-14
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-06-14
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page.
CVSS Score
8.1
EPSS Score
0.001
Published
2024-06-14
LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg.
CVSS Score
9.8
EPSS Score
0.267
Published
2023-03-26