HIGH🇵🇱 Wersja polska

CVE-2025-10773

CVSS 7.4v4.0pub. 2025-09-22upd. 2025-09-30

A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Affected by this issue is the function delshrpath of the file /goform/set_delshrpath_cfg of the component Web Management Interface. The manipulation of the argument Type results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Lb Link Bl Ac2100

    HW
    Lb-Link
    wszystkie wersje
  • Lb Link Bl Ac2100 Firmware

    OS
    Lb-Link
    ≤ 1.0.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-29062CRITICAL9.8PL ✓ten sam produkt

RCE w LB-Link BL-AC2100 przez parametry set_LimitClient_cfg

CVE-2025-29063CRITICAL9.8PL ✓ten sam produkt

RCE w LB-Link BL-AC2100 — nieprawidłowa obsługa parametru enable

CVE-2024-51431CRITICAL9.8PL ✓ten sam vendor

Zakodowane na stałe dane uwierzytelniające w routerze LB-LINK BL-WR1300H

CVE-2024-33375CRITICAL9.8PL ✓ten sam vendor

LB-LINK BL-W1210M — przechowywanie danych uwierzytelniających w postaci jawnej

CVE-2023-26801CRITICAL9.8ten sam vendor

LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 we...