CVE-2025-7565 | LB-LINK BL-AC3600 up to 1.0.22 Web Management Interface /cgi-bin/lighttpd.cgi geteasycfg Password information disclosure

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure.

This vulnerability is uniquely identified as CVE-2025-7565. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

It is recommended to apply restrictive firewalling.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7565 | LB-LINK BL-AC3600 up to 1.0.22 Web Management Interface /cgi-bin/lighttpd.cgi geteasycfg Password information disclosure

Post correlati

CVE-2024-41119 | opengeos streamlit-geospatial 8_????️_Raster_Data_Visualization.py eval vis_params input validation (GHSL-2024-100)

CVE-2024-1697 | Custom WooCommerce Checkout Fields Editor Plugin up to 1.3.1 on WordPress cross site scripting

CVE-2024-34816 | Revmakx WPCal.io Plugin up to 0.9.5.8 on WordPress cross-site request forgery

CVE-2023-51157 | ZKTeco WDMS 5.1.3 Emp Name cross site scripting