CVE-2025-7574 | LB-LINK BL-WR9000 up to 20250702 Web Interface /cgi-bin/lighttpd.cgi reboot/restore improper authentication

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to improper authentication.

This vulnerability is traded as CVE-2025-7574. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

It is recommended to apply restrictive firewalling.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7574 | LB-LINK BL-WR9000 up to 20250702 Web Interface /cgi-bin/lighttpd.cgi reboot/restore improper authentication

Post correlati

CVE-2024-34449 | vanessa219 Vditor 3.10.3 Element Attribute cross site scripting

CVE-2024-2113 | kstover Ninja Forms Contact Form Plugin up to 3.8.0 on WordPress nf_download_all_subs cross-site request forgery

CVE-2024-5433 | Campbell Scientific CSI Web Server up to 1.6 path traversal (icsa-24-149-01)

CVE-2024-50590 | Hasomed Elefant 1.4.2.1811/24.03.03 fbserver.exe default permission