Lb-Link Bl-Wr9000 vulnerabilities
6 known vulnerabilities affecting lb-link/bl-wr9000.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-4228P2CRITICALCVSS 9.8v2.4.92026-03-16
CVE-2026-4228 [CRITICAL] CWE-74 CVE-2026-4228: A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the
A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd
CVE-2025-7574P2CRITICALCVSS 9.8v202507022025-07-14
CVE-2025-7574 [CRITICAL] CWE-287 CVE-2025-7574: A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to improper authentication. It is possible to launch the atta
nvd
CVE-2026-4226P2CRITICALCVSS 9.8v2.4.92026-03-16
CVE-2026-4226 [CRITICAL] CWE-119 CVE-2026-4226: A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was cont
nvd
CVE-2026-4227P3HIGHCVSS 7.5v2.4.92026-03-16
CVE-2026-4227 [HIGH] CWE-119 CVE-2026-4227: A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the f
A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosu
nvd
CVE-2025-7573P3MEDIUMCVSS 5.3v202507022025-07-14
CVE-2025-7573 [MEDIUM] CWE-200 CVE-2025-7573: A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This issue affects the function bs_GetManPwd in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack may be initiated
nvd
CVE-2025-7572P3MEDIUMCVSS 5.3v202507022025-07-14
CVE-2025-7572 [MEDIUM] CWE-200 CVE-2025-7572: A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-
A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack can be initiated remote
nvd