LB-LINK Routers Information Disclosure Vulnerability
Vulnerability
A critical information disclosure vulnerability has been identified in several LB-LINK router models, including the BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, and BL-WR9000, all versions prior to 20250702. The vulnerability resides in the 'bs_GetHostInfo' function of the 'libblinkapi.so' library, accessed through the '/cgi-bin/lighttpd.cgi' file. This issue allows sensitive information, such as the administrator's plaintext password, to be exposed to remote attackers without authentication. The vulnerability has been publicly disclosed and is known to be exploitable.
Impact
Exploitation of this vulnerability allows for unauthorized access to sensitive information, including administrative credentials, which could be used to gain full control over the affected router's configuration.
Reproduction
The vulnerability can be reproduced by sending a request to the 'gethostinfo' endpoint via the Lighttpd CGI interface. The 'bs_GetHostInfo' function will respond with a significant amount of sensitive data, including the administrator's plaintext password.
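Because the 'gethostinfo' endpoint answers without authentication, the first defensive question is whether anything has been hitting it, and from where. The following detection script is an added example and is not part of this advisory or of LB-LINK's firmware; it assumes the router (or a reverse proxy in front of it) writes a Common Log Format access log and that the action name 'gethostinfo' appears in the request URI of '/cgi-bin/lighttpd.cgi'. Both the log format and the URI shape are assumptions, and the sample log lines are constructed, not captured from a device. It also flags any management CGI request arriving from a non-LAN address, which is the exposure the remediation section's firewall rules are meant to close.

```python
"""Scan a CLF-style access log for requests to the LB-LINK 'gethostinfo'
endpoint and for management-CGI traffic from outside the LAN.

Assumptions (not stated in the advisory): the router's web server logs in
Common Log Format, and the action name travels in the request URI. If it
travels in a POST body instead, the body must be logged for this to work.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Optional

# Common Log Format: client ident user [timestamp] "METHOD URI PROTO" status size
_CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

CGI_PATH = "/cgi-bin/lighttpd.cgi"   # CGI file named in the advisory
SENSITIVE_ACTION = "gethostinfo"      # endpoint named in the advisory

# Addresses treated as "inside the LAN". Explicit networks are used rather
# than ipaddress.is_private because Python also counts the documentation
# ranges (192.0.2.0/24, 198.51.100.0/24) as private, which would hide the
# constructed external sources below.
LAN_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]


def _is_lan(addr: str) -> bool:
    """True when addr falls in one of the RFC 1918 / loopback / link-local nets."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LAN_NETS)


def classify(line: str) -> Optional[Dict[str, str]]:
    """Return a finding for one log line, or None if the line is benign."""
    m = _CLF.match(line)
    if not m:
        return None
    uri = m.group("uri")
    if not uri.startswith(CGI_PATH):
        return None
    from_lan = _is_lan(m.group("client"))
    if SENSITIVE_ACTION in uri.lower():
        # No authentication guards this endpoint, so every hit deserves review;
        # a hit from outside the LAN means the management interface is reachable
        # from the WAN, which is the condition the advisory's remediation targets.
        severity = "high" if not from_lan else "medium"
        reason = "gethostinfo request (exposes plaintext admin password)"
    elif not from_lan:
        severity = "medium"
        reason = "management CGI reached from a non-LAN address"
    else:
        return None
    return {
        "client": m.group("client"),
        "time": m.group("ts"),
        "request": f"{m.group('method')} {uri}",
        "status": m.group("status"),
        "severity": severity,
        "reason": reason,
    }


def scan(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Run classify() over a log stream and keep only the findings."""
    return [f for f in (classify(line) for line in lines) if f]


# Constructed sample log lines (not captured from a real router).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jul/2025:10:15:22 +0000] "POST /cgi-bin/lighttpd.cgi?gethostinfo HTTP/1.1" 200 1843 "-" "curl/8.4.0"',
    '192.168.1.20 - - [03/Jul/2025:10:16:01 +0000] "GET /cgi-bin/lighttpd.cgi?gethostinfo HTTP/1.1" 200 1843 "http://192.168.1.1/" "Mozilla/5.0"',
    '192.168.1.21 - - [03/Jul/2025:10:17:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Jul/2025:10:18:44 +0000] "GET /cgi-bin/lighttpd.cgi?status HTTP/1.1" 200 300 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['client']:15} {f['request']}  {f['reason']}")
```

Run against the constructed sample, the script reports the external 'gethostinfo' hit as high, the LAN 'gethostinfo' hit as medium, and the external status request as medium, while the ordinary page fetch is ignored. On a real deployment the useful signal is the high-severity class: any such line means the interface was WAN-reachable and the administrator password should be treated as compromised and rotated once the firmware is updated.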
Remediation
Users are advised to implement restrictive firewall rules to block unauthorized access to the router's management interface.
