PT-2025-35128 · Lb Link · Lb-Link Bl-X26
Qmssdxn
·
Published
2025-08-28
·
Updated
2025-08-28
·
CVE-2025-9579
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
LB-LINK BL-X26 version 1.2.8
Description
A weakness exists in the HTTP Handler component due to the manipulation of the
enable argument within the /goform/set hidessid cfg file, leading to os command injection. This issue can be exploited remotely. The exploit has been made publicly available. The vendor was notified but did not respond.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Lb-Link Bl-X26