Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
LB-LINK Routers Web Interface Improper Authentication Vulnerability Allowing Arbitrary Operation Execution
Vulnerability
A critical vulnerability has been identified in several LB-LINK router models, including the BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, and BL-WR9000, all versions prior to 20250702. The issue resides in the web management interface, specifically within the 'reboot/restore' function of the '/cgi-bin/lighttpd.cgi' file. This vulnerability stems from improper authentication, allowing remote attackers to execute sensitive operations such as rebooting the device or performing a factory reset. Such actions can disrupt network services and result in the loss of configuration data.
Impact
Because the web interface does not properly authenticate these requests, exploitation enables unauthorized users to execute sensitive operations on the affected router models. This could lead to unauthorized reboots or factory resets, causing service interruptions and loss of configuration data.
Reproduction
The vulnerability can be reproduced by sending HTTP requests to the '/cgi-bin/lighttpd.cgi' file, targeting the 'reboot/restore' function. Since the vulnerability exists due to improper authentication, these requests can be made without any authentication or verification of the requester's identity or permissions.
Remediation
Users are advised to apply restrictive firewalling to mitigate this vulnerability, so that untrusted hosts cannot reach the router's web management interface.
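To check that the firewalling is holding, the following added example (not part of the original advisory or any vendor tooling) scans HTTP access logs for requests to '/cgi-bin/lighttpd.cgi' that come from outside an allowed management range. The Common Log Format input from an upstream proxy or sensor, the ADMIN_NETS range, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: only this management subnet should ever reach the router's web UI.
ADMIN_NETS = [ipaddress.ip_network("192.168.10.0/28")]
SENSITIVE_PATH = "/cgi-bin/lighttpd.cgi"  # path named in the advisory

# Common/Combined Log Format: client - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def normalize_path(target):
    """Drop the query string, percent-decode, and collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)

def is_admin(src):
    """True only if src parses as an IP address inside an allowed network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostname or garbage in the client field: untrusted
    return any(addr in net for net in ADMIN_NETS)

def find_unexpected_requests(lines):
    """Return (time, source, method, status) for hits from outside ADMIN_NETS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != SENSITIVE_PATH:
            continue
        if not is_admin(m["src"]):
            hits.append((m["ts"], m["src"], m["method"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.168.10.5 - - [10/Mar/2025:09:14:01 +0000] "POST /cgi-bin/lighttpd.cgi HTTP/1.1" 200 52',
    '203.0.113.45 - - [10/Mar/2025:09:15:37 +0000] "POST /cgi-bin/lighttpd.cgi HTTP/1.1" 200 52',
    '198.51.100.7 - - [10/Mar/2025:09:16:02 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.7 - - [10/Mar/2025:09:16:09 +0000] "POST /cgi-bin//lighttpd%2Ecgi HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for ts, src, method, status in find_unexpected_requests(SAMPLE_LOG):
        print(f"{ts} {src} {method} {SENSITIVE_PATH} -> {status}")
```

A hit with a success status means a request from outside the allowed range was not blocked, so the filtering rules need review.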
