Information Disclosure Vulnerability in LB-LINK Routers
CVE-2025-7573

6.9MEDIUM

Key Information:

Vendor

Lb-link

Status
Bl-ac1900
Bl-ac2100 Az3
Bl-ac3600
Bl-ax1800
Vendor
CVE Published:
14 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7573?

A vulnerability has been identified in multiple LB-LINK router models that may allow unauthorized access to sensitive information. Specifically, the issue resides in the function bs_GetManPwd within the libblinkapi.so library, located in the /cgi-bin/lighttpd.cgi file. This vulnerability enables attackers to remotely manipulate the router, potentially leading to the exposure of confidential data. The issue affects various models, including BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, and BL-WR9000, and has been publicly disclosed without any response from the vendor regarding mitigation.

Affected Version(s)

BL-AC1900 20250702

BL-AC2100_AZ3 20250702

BL-AC3600 20250702

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7573 - Proof of Concept

References

https://vuldb.com/?id.316271
vdb-entrytechnical-description
https://vuldb.com/?ctiid.316271
signaturepermissions-required
https://vuldb.com/?submit.608010
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

waiwai24 (VulDB User)
.
CVE-2025-7573 : Information Disclosure Vulnerability in LB-LINK Routers