CVE-2025-7572

Name of the Vulnerable Software and Affected Versions: LB-LINK BL-AC1900 LB-LINK BL-AC2100 AZ3 LB-LINK BL-AC3600 LB-LINK BL-AX1800 LB-LINK BL-AX5400P LB-LINK BL-WR9000 versions up to 20250702

Description: A critical vulnerability exists that leads to information disclosure. The vulnerability affects the bs GetHostInfo function within the libblinkapi.so library, located in the /cgi-bin/lighttpd.cgi file. The attack can be initiated remotely. The exploit has been publicly disclosed.

Recommendations: For LB-LINK BL-AC1900, BL-AC2100 AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, and BL-WR9000 versions up to 20250702, update to a newer version that addresses this issue. As a temporary workaround, consider restricting access to the /cgi-bin/lighttpd.cgi file to minimize the risk of exploitation.