Platform: other
Component: 0101
Fixed in: 20250702.0.1
CVE-2025-7574 is a critical vulnerability affecting LB-LINK routers, specifically models BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, and BL-WR9000 running versions up to 20250702. It is an improper authentication flaw that can be exploited remotely. A fix is available in version 20250702.0.1.
The vulnerability resides in the reboot/restore function of the /cgi-bin/lighttpd.cgi file within the Web Interface. An attacker can manipulate this function to bypass authentication mechanisms. Successful exploitation grants unauthorized access to the router's configuration and management interface. This could lead to complete control of the device, including modification of network settings, data interception, and potential use as a pivot point for further attacks on the internal network. The public disclosure of this exploit significantly increases the risk of widespread exploitation.
This vulnerability was publicly disclosed on 2025-07-14. The vendor, LB-LINK, was notified but did not respond. The public availability of an exploit significantly increases the likelihood of exploitation. While no confirmed exploitation campaigns are currently known, the CRITICAL severity and public availability of the exploit warrant immediate attention. This vulnerability does not appear to be listed on CISA KEV as of this writing.
EPSS: 0.35% (57th percentile)
The primary mitigation is to immediately upgrade affected LB-LINK routers to version 20250702.0.1 or later. If upgrading is not immediately feasible due to compatibility concerns or testing requirements, consider implementing temporary workarounds. While a direct WAF rule targeting the /cgi-bin/lighttpd.cgi endpoint is difficult without specific exploit patterns, restricting access to this endpoint from untrusted networks can reduce the attack surface. Monitor router logs for unusual activity or authentication attempts. After upgrading, confirm the fix by attempting to access the router's web interface with invalid credentials; authentication should be denied.
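One way to act on the log-monitoring advice above, as an added example that is not from the advisory or the vendor: it flags requests to /cgi-bin/lighttpd.cgi that arrive from outside the trusted management networks, normalizing the path first so encoded or doubled-slash variants are not missed. The Common Log Format input, the `TRUSTED_NETS` range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

SENSITIVE_PATH = "/cgi-bin/lighttpd.cgi"  # endpoint named in the advisory
# Assumption: management networks allowed to reach the web interface.
TRUSTED_NETS = [ipaddress.ip_network("192.168.10.0/24")]
# Assumption: Common Log Format lines (e.g. from a proxy in front of the router).
CLF = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def normalized_path(target):
    """Strip the query, percent-decode, and collapse '//', '.' and '..'."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))

def flag_untrusted(lines):
    """Return (source, timestamp, method, status) for endpoint hits from untrusted sources."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # hostname instead of an address; resolve upstream if needed
        path = normalized_path(m["target"])
        if path != SENSITIVE_PATH and not path.startswith(SENSITIVE_PATH + "/"):
            continue
        if any(src in net for net in TRUSTED_NETS):
            continue
        hits.append((str(src), m["ts"], m["method"], int(m["status"])))
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.168.10.5 - - [14/Jul/2025:09:12:01 +0000] "POST /cgi-bin/lighttpd.cgi HTTP/1.1" 200 312',
    '203.0.113.44 - - [14/Jul/2025:09:13:17 +0000] "POST /cgi-bin/lighttpd.cgi HTTP/1.1" 200 312',
    '198.51.100.7 - - [14/Jul/2025:09:14:40 +0000] "GET /cgi-bin/%2e/lighttpd.cgi?t=1 HTTP/1.1" 200 98',
    '203.0.113.44 - - [14/Jul/2025:09:15:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in flag_untrusted(SAMPLE_LOG):
        print(hit)
```

A 2xx status on a flagged line means the request was served rather than rejected, so those entries deserve the first look.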
Update the firmware of your LB-LINK router to a version later than 20250702, if available, to correct the authentication vulnerability. If no update is available, consider replacing the device with one that receives active security updates. Disable remote access to the router's web interface as a temporary measure.
CVE-2025-7574 is a critical vulnerability in LB-LINK routers allowing remote attackers to bypass authentication and gain unauthorized access.
If you are using an LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, or BL-WR9000 router running version 20250702 or earlier, you are potentially affected.
Upgrade your router to version 20250702.0.1 or later to mitigate the vulnerability. If upgrading is not possible, implement temporary workarounds like restricting access to the web interface.
While no confirmed exploitation campaigns are currently known, the public availability of the exploit increases the risk of exploitation.
Refer to the LB-LINK website for the official advisory regarding CVE-2025-7574.