Unauthorized Command Injection in LB-Link Routers
CVE-2025-57685

8.8HIGH

Key Information:

Vendor: LB-Link
Status: LB-Link Routers
Vendor: CVE Published:; 22 September 2025

What is CVE-2025-57685?

LB-Link routers are susceptible to an unauthorized command injection vulnerability that can be exploited through the /goform/set_serial_cfg interface. This flaw allows attackers to gain elevated privileges on the device, enabling them to execute malicious commands remotely. It is crucial for users of affected models to secure their routers against potential exploitation.

References

https://www.b-link.net.cn/

http://bl-ac2100.com

https://github.com/mono7s/LB-Link/blob/main/bs_SetSerial.md

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 22, 2025
Vulnerability Reserved
Aug 17, 2025

JSON