CVE-2025-7574
BaseFortify

Publication date: 2025-07-14

Last updated on: 2025-07-15

Assigner: VulDB

Description
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-07-14
Last Modified: 2025-07-15
Generated: 2026-05-27
AI Q&A: 2025-07-14
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
lb-link bl-ac2100_az3 *
lb-link bl-ac3600 *
lb-link bl-wr9000 *
lb-link bl-ax5400p *
lb-link bl-ac1900 *
lb-link bl-ax1800 *
CWE
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a critical improper authentication flaw found in several LB-LINK router models. It affects the reboot and restore functions in the web interface component, specifically the /cgi-bin/lighttpd.cgi file. Due to improper verification of the requester's identity and permissions, an attacker can remotely execute sensitive commands like restarting the router or performing a factory reset without any authentication. [1, 2]


How can this vulnerability impact me?

Exploiting this vulnerability can lead to network service interruptions by forcing router restarts and loss of configuration data through unauthorized factory resets. It compromises the confidentiality, integrity, and availability of the affected devices, potentially disrupting network operations and exposing the network to further attacks. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring HTTP requests to the endpoint /cgi-bin/lighttpd.cgi on affected LB-LINK router models. Specifically, look for unauthorized or suspicious HTTP requests attempting to invoke the reboot or restore functions without proper authentication. Network traffic capture tools like tcpdump or Wireshark can be used to filter such requests. For example, you can capture HTTP traffic with the following command and then inspect it for requests to /cgi-bin/lighttpd.cgi:

    tcpdump -i <interface> 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

Additionally, using curl or wget to test access to the endpoint without authentication can help verify if the vulnerability is present, e.g.:

    curl http://<router-ip>/cgi-bin/lighttpd.cgi?reboot

or similar commands. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include implementing restrictive firewall rules to block unauthorized access to the web management interface, especially blocking external access to the /cgi-bin/lighttpd.cgi endpoint. Limit access to trusted IP addresses only. Disable remote management if not necessary. Since the vendor has not provided a patch, network-level controls are critical. Monitoring and logging access attempts to the router's web interface can also help detect exploitation attempts. [2]
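
One way to apply the monitoring and trusted-address advice from the two answers above to captured requests, as an added example that is not BaseFortify's or the vendor's code. It assumes a logged-in session is carried in a Cookie or Authorization header and that the action name appears in the query string or body; the management range and the sample requests are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

ENDPOINT = "/cgi-bin/lighttpd.cgi"   # file named in the CVE description
ACTIONS = ("reboot", "restore")      # functions named in the CVE description
# Assumption: admin workstations sit in this range (constructed value).
TRUSTED = [ipaddress.ip_network("192.168.16.0/28")]
# Assumption: a logged-in session is carried in one of these headers.
AUTH_HEADERS = ("cookie", "authorization")

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def classify(src_ip, raw):
    """Return findings for one captured request; an empty list means ignore."""
    try:
        method, target, headers, body = parse_request(raw)
    except ValueError:
        return []
    path, _, query = target.partition("?")
    # Decode percent-encoding and collapse doubled slashes before comparing.
    path = re.sub(r"/{2,}", "/", unquote(path))
    if path != ENDPOINT:
        return []
    hits = [a for a in ACTIONS if a in (query + "&" + body).lower()]
    if not hits:
        return []
    findings = [f"{method} {ENDPOINT} action={','.join(hits)}"]
    if not any(h in headers for h in AUTH_HEADERS):
        findings.append("no session or credential header")
    if not any(ipaddress.ip_address(src_ip) in net for net in TRUSTED):
        findings.append("source outside management range")
    return findings

# Constructed capture: (source IP, raw request) pairs, not real traffic.
SAMPLES = [
    ("203.0.113.7", "GET /cgi-bin/lighttpd.cgi?reboot HTTP/1.1\r\nHost: r\r\n\r\n"),
    ("192.168.16.5", "GET /cgi-bin/lighttpd.cgi?restore HTTP/1.1\r\nCookie: sid=x\r\n\r\n"),
]

print([classify(ip, raw) for ip, raw in SAMPLES])
```

A request that produces all three findings is the one to alert on; a single finding from inside the management range is usually an administrator's own action.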

