Auth bypass in Lb-link Bl-ac1900
CVE-2025-7574
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of t…
Vulnerability class: Broken Authentication
EPSS: 0.012 (79.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R.
Affected products
- Lb-link Bl-ac1900 — versions 20250702
- Lb-link Bl-ac2100_az3 — versions 20250702
- Lb-link Bl-ac3600 — versions 20250702
- Lb-link Bl-ax1800 — versions 20250702
- Lb-link Bl-ax5400p — versions 20250702
- Lb-link Bl-wr9000 — versions 20250702
Weakness classification (CWE)
References
- VDB-316272 | LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication (vdb-entry, technical-description)
- VDB-316272 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
- Submit #608018 | Blink BL-AX5400P V1.0.19、BL-AX1800 V1.0.19、BL-AC3600 V1.0.22、BL-WR9000 V2.4.9、BL-AC1900 V1.0.2、BL-AC2100_AZ3 V1.0.4 BL-AX5400P V1.0.19、BL-AX1800 V1.0.19、BL-AC3600 V1.0.22、BL-WR9000 V2.4.9、BL-AC1900 V1.0.2、BL-AC2100_AZ3 V1.0.4 Incorrect (third-party-advisory)
- github.com/waiwai24/0101/blob/main/CVEs/Blink/Privilege_Control_Defect_in_Blink… (related)
- github.com/waiwai24/0101/blob/main/CVEs/Blink/Privilege_Control_Defect_in_Blink… (exploit)
Frequently asked questions
- What is CVE-2025-7574?
- CVE-2025-7574 is a critical-severity vulnerability in Lb-link Bl-ac1900, classified under Improper Authentication. CVSS score: 9.8/10. Published 2025-07-14.
- How severe is CVE-2025-7574?
- Critical severity. CVSS v3 base score is 9.8 out of 10.