Unauthorized Command Injection in LB-Link Routers
CVE-2025-57685

Currently unrated

Key Information:

Vendor: LB-Link
Status: LB-Link Routers
Vendor: CVE Published:; 22 September 2025

What is CVE-2025-57685?

LB-Link routers are susceptible to an unauthorized command injection vulnerability that can be exploited through the /goform/set_serial_cfg interface. This flaw allows attackers to gain elevated privileges on the device, enabling them to execute malicious commands remotely. It is crucial for users of affected models to secure their routers against potential exploitation.

References

https://www.b-link.net.cn/

http://bl-ac2100.com

https://github.com/mono7s/LB-Link/blob/main/bs_SetSerial.md

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 22, 2025
Vulnerability Reserved
Aug 17, 2025

JSON