CVE-2025-57278
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-10-10
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lb-link | bl-cpe300m_firmware | * |
| lb-link | bl-cpe300m | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-57278 is a vulnerability in the LB-Link BL-CPE300M AX300 4G LTE Router firmware where the router does not properly handle user sessions. After a user logs in from a specific IP address, the router allows any other device using that same IP to access the router's administrative interface without requiring login credentials or verifying identity. This happens because the router lacks session tokens, cookies, or unique identifiers to track authenticated sessions. As a result, an attacker can bypass authentication simply by configuring their device to use the same IP address as a previously authenticated user, gaining full administrative access. [1]
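To make the session-handling flaw described above concrete, the following is an added illustration written for this page; it is not code from LB-Link's firmware or from BaseFortify. It places a deliberately flawed session store that keys "logged in" state on the source IP (the CWE-287 pattern the answer describes) next to a store that issues a random per-login token carried in a cookie, and shows how each treats a second host that presents the same IP but has never logged in. All class names, the `Request` stand-in, the credentials and the IP addresses are hypothetical and constructed for the example.

```python
"""Flawed IP-bound session check beside a token-bound replacement.

Added example for this CVE page, not vendor firmware code. Every name,
credential and address below is hypothetical and constructed for the demo.
"""
import hmac
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for the example)."""
    client_ip: str
    cookies: dict = field(default_factory=dict)


def check_password(username: str, password: str) -> bool:
    """Hypothetical credential check with fixed demo credentials."""
    return (hmac.compare_digest(username, "admin")
            and hmac.compare_digest(password, "correct horse"))


# --- Flawed pattern (CWE-287): authentication state keyed only by source IP ---
class IpBoundSessions:
    """Remembers which IP addresses have logged in. Any host that later
    presents the same source IP is treated as the authenticated user."""

    def __init__(self) -> None:
        self.logged_in_ips: set[str] = set()

    def login(self, request: Request, username: str, password: str) -> bool:
        if check_password(username, password):
            self.logged_in_ips.add(request.client_ip)
            return True
        return False

    def is_authenticated(self, request: Request) -> bool:
        # No token, no cookie: the IP alone is the "proof" of identity.
        return request.client_ip in self.logged_in_ips


# --- Hardened pattern: random per-login token carried in a cookie ---
class TokenBoundSessions:
    COOKIE = "session"
    TTL_SECONDS = 600  # idle sessions expire; hypothetical value

    def __init__(self) -> None:
        self.sessions: dict[str, tuple[str, float]] = {}  # token -> (user, expiry)

    def login(self, request: Request, username: str, password: str):
        """Return a fresh session token on success, None on failure.
        The caller would send it as an HttpOnly, SameSite=Strict cookie."""
        if not check_password(username, password):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.sessions[token] = (username, time.monotonic() + self.TTL_SECONDS)
        return token

    def is_authenticated(self, request: Request) -> bool:
        presented = request.cookies.get(self.COOKIE)
        if presented is None:
            return False
        now = time.monotonic()
        for token, (_, expiry) in list(self.sessions.items()):
            if now > expiry:
                del self.sessions[token]  # drop expired sessions lazily
                continue
            # Constant-time comparison so token lookup does not leak timing.
            if hmac.compare_digest(token, presented):
                return True
        return False

    def logout(self, request: Request) -> None:
        self.sessions.pop(request.cookies.get(self.COOKIE), None)


def demo() -> dict:
    """Two hosts share 192.168.1.50: the first logs in, the second never does."""
    first = Request("192.168.1.50")
    second = Request("192.168.1.50")  # same IP, no cookie, never authenticated

    flawed = IpBoundSessions()
    flawed.login(first, "admin", "correct horse")

    hardened = TokenBoundSessions()
    token = hardened.login(first, "admin", "correct horse")
    first.cookies[TokenBoundSessions.COOKIE] = token

    return {
        "flawed_second_host": flawed.is_authenticated(second),      # True: the flaw
        "hardened_first_host": hardened.is_authenticated(first),    # True
        "hardened_second_host": hardened.is_authenticated(second),  # False
    }


if __name__ == "__main__":
    print(demo())
```

The point of the comparison is the `is_authenticated` check: the flawed store has nothing but the network address to consult, so two hosts that present the same IP are indistinguishable to it, while the token-bound store requires possession of an unguessable secret issued at login, which the second host never received. Binding a token to the client rather than the address is the property a firmware fix for this class of issue has to restore; the expiry and constant-time comparison are ordinary session hygiene added alongside it.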
How can this vulnerability impact me?
This vulnerability can allow an attacker on the local network or LAN to gain full administrative access to the affected router without needing valid credentials. The attacker can then perform any administrative actions such as changing configurations, accessing logs, or rebooting the device. This compromises the security and integrity of the network managed by the router, potentially leading to unauthorized network control and data exposure. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the router grants administrative access to multiple clients sharing the same IP address without requiring authentication. One way to test this is to authenticate from one device, then configure another device on the same network to use the same IP address and attempt to access the router's management interface endpoints such as /goform/* or /api/*. If access is granted without credentials, the vulnerability exists. Specific commands depend on your network setup, but you might use tools like curl or wget to attempt access to these endpoints from different devices with the same IP. For example, from a device with the same IP, you could run: curl -I http://<router-ip>/goform/status or curl -I http://<router-ip>/api/config to check if access is granted without authentication. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the router's management interface to trusted devices only, avoiding IP address sharing among clients, and monitoring for unauthorized access from duplicate IP addresses. Since the vulnerability is due to improper session handling and lack of session tokens, applying any available firmware updates from LB-Link that address this issue is critical. If no patch is available, consider isolating the router management interface from the LAN or using network segmentation to limit access. Additionally, changing default credentials and disabling remote management can reduce exposure. [1]