CVE-2025-12387
Denial of Service in Pix-Link LV-WR21Q Language Module
Publication date: 2026-01-27
Last updated on: 2026-01-27
Assigner: CERT.PL
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pix-link | lv-wr21q | v108_108 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Pix-Link LV-WR21Q router's language module. Remote attackers can send a specially crafted HTTP POST request with a non-existing language parameter, causing the server to fail to serve the correct lang.js file. This results in the administrator panel becoming non-functional, causing a denial of service (DoS) until the language settings are corrected.
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service (DoS) on the router's administrator panel, making it unusable until the language settings are reverted to a correct value. However, other router functionalities remain unaffected.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid sending HTTP POST requests with non-existing language parameters to the Pix-Link LV-WR21Q router. If the administrator panel becomes unresponsive due to this issue, revert the language settings to a correct value to restore functionality.