CVE-2025-12387
Unknown Unknown - Not Provided
Denial of Service in Pix-Link LV-WR21Q Language Module

Publication date: 2026-01-27

Last updated on: 2026-01-27

Assigner: CERT.PL

Description
A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service (DoS) by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes administrator panel to not work, resulting in DoS until the language settings is reverted to a correct value. The Denial of Service affects only the administrator panel and does not affect other router functionalities. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version V108_108 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-27
Last Modified
2026-01-27
Generated
2026-06-16
AI Q&A
2026-01-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12387
EUVD
EUVD-2025-206411
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pix-link lv-wr21q v108_108
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-754 The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Pix-Link LV-WR21Q router's language module. Remote attackers can send a specially crafted HTTP POST request with a non-existing language parameter, causing the server to fail to serve the correct lang.js file. This results in the administrator panel becoming non-functional, causing a denial of service (DoS) until the language settings are corrected.

Impact Analysis

The impact of this vulnerability is a denial of service (DoS) on the router's administrator panel, making it unusable until the language settings are reverted to a correct value. However, other router functionalities remain unaffected.

Mitigation Strategies

To mitigate this vulnerability, avoid sending HTTP POST requests with non-existing language parameters to the Pix-Link LV-WR21Q router. If the administrator panel becomes unresponsive due to this issue, revert the language settings to a correct value to restore functionality.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12387. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart