CVE-2025-1610

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LB-LINK AC1900 Router version 1.0.2

Description The issue concerns an os command injection vulnerability, specifically affecting the /goform/set blacklist endpoint, where the mac and enable variables are involved.

Recommendations For LB-LINK AC1900 Router version 1.0.2, avoid using the /goform/set blacklist endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

BDU:2025-07207

CVE-2025-1610

Affected Products

Lb-Link Ac1900 Router

CVE-2025-1610

Weakness Enumeration

Related Identifiers

Affected Products

References · 12