Information Disclosure Vulnerability in LB-LINK BL Series Routers
CVE-2025-7572

6.9MEDIUM

Key Information:

Vendor

Lb-link

Status
Bl-ac1900
Bl-ac2100 Az3
Bl-ac3600
Bl-ax1800
Vendor
CVE Published:
14 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7572?

A vulnerability exists in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, and BL-WR9000 routers, which impacts the bs_GetHostInfo function in libblinkapi.so located in /cgi-bin/lighttpd.cgi. This flaw allows remote attackers to access sensitive information, potentially leading to unauthorized exposure of system data. Despite knowing this issue, LB-LINK has not acknowledged the vulnerabilities publicly, leaving users at risk.

Affected Version(s)

BL-AC1900 20250702

BL-AC2100_AZ3 20250702

BL-AC3600 20250702

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7572 - Proof of Concept

References

https://vuldb.com/?id.316270
vdb-entrytechnical-description
https://vuldb.com/?ctiid.316270
signaturepermissions-required
https://vuldb.com/?submit.608009
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

waiwai24 (VulDB User)
.
CVE-2025-7572 : Information Disclosure Vulnerability in LB-LINK BL Series Routers