CVE-2025-7564 | LB-LINK BL-AC3600 1.0.22 /etc/shadow hard-coded credentials

Inserito da Angelo Barbosa | Lug 12, 2025 | CVE

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials.

This vulnerability is handled as CVE-2025-7564. Local access is required to approach this attack. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7564 | LB-LINK BL-AC3600 1.0.22 /etc/shadow hard-coded credentials

Post correlati

CVE-2024-32911 | Google Android kernel Remote Code Execution

CVE-2024-8803 | Bulk NoIndex & NoFollow Toolkit Plugin up to 2.15 on WordPress cross site scripting

CVE-2024-4460 | ZenML up to 0.57.0 resource consumption

CVE-2024-4561 | Progress WhatsUp Gold up to 2023.1.1 HTTP Request server-side request forgery