CVE-2025-1609 | LB-LINK AC1900 Router 1.0.2 /goform/set_cmd websGetVar os command injection

Posted by Angelo Barbosa | Feb 23, 2025 | CVE

A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection.

This vulnerability is known as CVE-2025-1609. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1609 | LB-LINK AC1900 Router 1.0.2 /goform/set_cmd websGetVar os command injection

Related Posts

CVE-2024-25922 | Peach Payments Gateway Plugin up to 3.1.9 on WordPress authorization

CVE-2023-35136 | Zyxel ATP/USG FLEX/USG FLEX 50/USG20-VPN/VPN Configuration File information disclosure

CVE-2024-10668 | Google Nearby Quickshare unrestricted upload

CVE-2023-7167 | Persian Fonts Plugin up to 1.6 on WordPress cross site scripting