Pix-Link LV-WR21Q Missing Authentication Vulnerability in Homepage Info Endpoint

Vulnerability

A vulnerability exists in the Pix-Link LV-WR21Q router in version V108_108, where the endpoint '/goform/getHomePageInfo' lacks authentication. This flaw allows remote, unauthenticated attackers to access sensitive information, such as the cleartext password for the access point. While only version V108_108 has been confirmed vulnerable, other versions may also be affected.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive information, specifically the cleartext password of the access point.

Added: Jan 27, 2026, 12:18 PM

Updated: Jan 27, 2026, 3:06 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.9

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.9

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Pix-Link LV-WR21Q Missing Authentication Vulnerability in Homepage Info Endpoint

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating