CVE-2025-57685
BaseFortify
Publication date: 2025-09-22
Last updated on: 2025-11-17
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lb-link | bl-ac1900_az2 | v1.0.2 |
| lb-link | bl-lte300_da4 | v1.2.3 |
| lb-link | bl-wr9000_ae4 | v2.4.9 |
| lb-link | bl-x26_ac8 | v1.2.8 |
| lb-link | bl-wr4000 | v2.5.0 |
| lb-link | bl-ac2100_az3 | v1.0.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects certain LB-Link router models and allows attackers to perform unauthorized command injection by accessing the /goform/set_serial_cfg interface. Exploiting this flaw lets attackers gain the highest level of device privileges without authorization and remotely execute malicious commands on the device.
How can this vulnerability impact me?
If exploited, this vulnerability can allow attackers to take full control of the affected router remotely. This can lead to unauthorized changes to device settings, interception or disruption of network traffic, deployment of malware, or use of the device as a foothold for further attacks within the network.