LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure

CVE Details

Basic Information

Title: LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure
Type: cve
Published: 2025-07-14T02:44:05.555Z
Modified: 2025-07-14T02:44:05.555Z

Product Information

Vendor: LB-LINK
Product: BL-AC3600
Version: 1.0.0

CVSS Information

Base Score: 6.9 (MEDIUM)
Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Affected Products

  • LB-LINK BL-AC3600 1.0.0
  • LB-LINK BL-AC3600 1.0.1
  • LB-LINK BL-AC3600 1.0.2
  • LB-LINK BL-AC3600 1.0.3
  • LB-LINK BL-AC3600 1.0.4
  • LB-LINK BL-AC3600 1.0.5
  • LB-LINK BL-AC3600 1.0.6
  • LB-LINK BL-AC3600 1.0.7
  • LB-LINK BL-AC3600 1.0.8
  • LB-LINK BL-AC3600 1.0.9
  • LB-LINK BL-AC3600 1.0.10
  • LB-LINK BL-AC3600 1.0.11
  • LB-LINK BL-AC3600 1.0.12
  • LB-LINK BL-AC3600 1.0.13
  • LB-LINK BL-AC3600 1.0.14
  • LB-LINK BL-AC3600 1.0.15
  • LB-LINK BL-AC3600 1.0.16
  • LB-LINK BL-AC3600 1.0.17
  • LB-LINK BL-AC3600 1.0.18
  • LB-LINK BL-AC3600 1.0.19
  • LB-LINK BL-AC3600 1.0.20
  • LB-LINK BL-AC3600 1.0.21
  • LB-LINK BL-AC3600 1.0.22

Additional Information

CWE List: CWE-200, CWE-284
Source: VulDB

Description

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
