LB-LINK BL-AC3600 Command Injection Vulnerability in Password Handler
Vulnerability
A critical command injection vulnerability has been identified in LB-LINK BL-AC3600 routers running firmware versions through 1.0.22. The issue arises in the Password Handler component, specifically within the easy_uci_set_option_string_0 function of the lighttpd.cgi file. The vulnerability can be exploited remotely by manipulating the routepwd argument.
Impact
Exploiting this vulnerability allows arbitrary command execution on the affected device.
Reproduction
The vulnerability can be reproduced by sending a request to the device's lighttpd.cgi file with a crafted routepwd argument that includes malicious commands. This can be done using a simple Python script that automates the process.
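For defenders, one way to triage captured web traffic for this pattern, given as an added example that is not part of the original advisory or the vendor's code. It assumes routepwd arrives as a form-encoded parameter in the query string or request body; the record layout, the /cgi-bin/ path prefix and all sample values are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Characters that can break a value out of a shell command line.
# Legitimate passwords may contain some of these, so hits need triage.
SHELL_META = re.compile(r"[;&|`$<>\n\r\\'\"(){}]")

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253B -> %3B -> ;)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def routepwd_values(target, body=""):
    """Yield each routepwd value found in the query string or form body."""
    for raw in (urlsplit(target).query, body):
        for name, value in parse_qsl(raw, keep_blank_values=True):
            if name == "routepwd":
                yield decode_fully(value)

def suspicious_requests(records):
    """Return (client, value) for lighttpd.cgi requests whose routepwd
    contains shell metacharacters. records: (client, target, body)."""
    hits = []
    for client, target, body in records:
        if not urlsplit(target).path.endswith("lighttpd.cgi"):
            continue
        for value in routepwd_values(target, body):
            if SHELL_META.search(value):
                hits.append((client, value))
    return hits

# Constructed sample records (documentation IP ranges, placeholder path).
SAMPLE = [
    ("192.0.2.10", "/cgi-bin/lighttpd.cgi", "routepwd=Summer2024"),
    ("198.51.100.7", "/cgi-bin/lighttpd.cgi", "routepwd=a%3Becho+1"),
    ("198.51.100.7", "/cgi-bin/lighttpd.cgi?routepwd=x%2560date%2560", ""),
    ("203.0.113.5", "/index.html?routepwd=a%7Cb", ""),
]

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE):
        print(f"{client}: routepwd={value!r}")
```

Because the management interface is reachable remotely, the same check is most useful on traffic arriving from outside the LAN, where any request to lighttpd.cgi is already worth reviewing.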
