CVE-2025-1610 | LB-LINK AC1900 Router 1.0.2 /goform/set_blacklist websGetVar mac/enable os command injection

Inserito da Angelo Barbosa | Feb 23, 2025 | CVE

A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of the file /goform/set_blacklist. The manipulation of the argument mac/enable leads to os command injection.

This vulnerability is handled as CVE-2025-1610. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1610 | LB-LINK AC1900 Router 1.0.2 /goform/set_blacklist websGetVar mac/enable os command injection

Post correlati

CVE-2023-46952 | ABO.CMS 5.9.3 HTTP Header Referer cross site scripting

CVE-2024-1870 | Colibri Page Builder Plugin up to 1.0.260 on WordPress authorization

CVE-2025-1044 | Logsign Unified SecOps Platform improper authentication

CVE-2025-22894 | Humming Heads Defense Platform Home Edition up to 3.9.51.x Message shatter