PT-2025-29424 · Lb Link · Blink Bl-Ac2100 Az3+5

Waiwai24 · Published 2025-07-02 · Updated 2025-07-19 · CVE-2025-7574

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LB-LINK BL-AC1900, BL-AC2100 AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, BL-WR9000 versions up to 20250702

Description

A critical vulnerability exists in the Web Interface component of the affected devices. The vulnerability is related to the reboot/restore function within the /cgi-bin/lighttpd.cgi file, leading to improper authentication. This allows for remote attacks. The exploit for this issue has been publicly disclosed. The vendor was informed of the vulnerability but did not respond.

Recommendations

LB-LINK BL-AC1900 versions prior to 20250702
LB-LINK BL-AC2100 AZ3 versions prior to 20250702
LB-LINK BL-AC3600 versions prior to 20250702
LB-LINK BL-AX1800 versions prior to 20250702
LB-LINK BL-AX5400P versions prior to 20250702
LB-LINK BL-WR9000 versions prior to 20250702

As a temporary workaround, consider disabling access to the /cgi-bin/lighttpd.cgi file until a patch is available.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2025-09119
CVE-2025-7574

Affected Products

Lb-Link Bl-Ac1900
Blink Bl-Ac2100 Az3
Lb-Link Bl-Ac3600
Lb-Link Bl-Ax1800
Lb-Link Bl-Ax5400P
Lb-Link Bl-Wr9000