CVE-2025-1609 | LB-LINK AC1900 Router 1.0.2 /goform/set_cmd websGetVar os command injection

Posted by Angelo Barbosa | Feb 23, 2025 | CVE

A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection.

This vulnerability is known as CVE-2025-1609. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1609 | LB-LINK AC1900 Router 1.0.2 /goform/set_cmd websGetVar os command injection

Related Posts

CVE-2024-34423 | phpbits Forty Four Plugin up to 1.4 on WordPress cross site scripting

CVE-2024-56267 | Fla-shop Interactive UK Map Plugin up to 3.4.8 on WordPress cross site scripting

CVE-2024-12949 | code-projects Travel Management System 1.0 /package.php subcatid sql injection

CVE-2024-4738 | Campcodes Legal Case Management System 1.0 new_client cross site scripting