LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware.
The router firmware does not apply any encryption or hashing mechanism to protect stored authentication data. A person who gains access to the firmware file — for example through extraction from flash memory, firmware image download, or another vulnerability on the same device — can read passwords in plaintext without needing to crack them. CWE-256 (Plaintext Storage of a Password) confirms the lack of any cryptographic protection of stored credentials.
An attacker can obtain complete authentication credentials for the router, leading to takeover of the device, modification of its network configuration, and potential lateral movement within the local network.
Patches available from the manufacturer should be applied according to references. Additionally, it is recommended to change all passwords configured on the device and restrict physical and network access to the router's management interface until the patch is deployed.
LB-LINK BL-W1210M Firmware version 2.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLb Link Bl W1210m
HWLb-Link2.0Lb Link Bl W1210m Firmware
OSLb-Linkwszystkie wersje
Related vulnerabilities
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page...
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and ...
RCE w LB-Link BL-AC2100 — nieprawidłowa obsługa parametru enable
RCE w LB-Link BL-AC2100 przez parametry set_LimitClient_cfg
Zakodowane na stałe dane uwierzytelniające w routerze LB-LINK BL-WR1300H