平台
other
组件
0101
修复版本
20250702.0.1
20250702.0.1
20250702.0.1
20250702.0.1
20250702.0.1
20250702.0.1
CVE-2025-7574 is a critical vulnerability affecting LB-LINK routers, specifically models BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, and BL-WR9000 running versions up to 20250702. This vulnerability allows for improper authentication, enabling remote exploitation. A fix is available in version 20250702.0.1.
The vulnerability resides in the reboot/restore function of the /cgi-bin/lighttpd.cgi file within the Web Interface. An attacker can manipulate this function to bypass authentication mechanisms. Successful exploitation grants unauthorized access to the router's configuration and management interface. This could lead to complete control of the device, including modification of network settings, data interception, and potential use as a pivot point for further attacks on the internal network. The public disclosure of this exploit significantly increases the risk of widespread exploitation.
This vulnerability was publicly disclosed on 2025-07-14. The vendor, LB-LINK, was notified but did not respond. The public availability of an exploit significantly increases the likelihood of exploitation. While no confirmed exploitation campaigns are currently known, the CRITICAL severity and public availability of the exploit warrant immediate attention. This vulnerability does not appear to be listed on CISA KEV as of this writing.
Small and medium-sized businesses (SMBs) and home users relying on LB-LINK routers are at significant risk. Shared hosting environments utilizing these routers are particularly vulnerable due to the potential for widespread compromise. Users with legacy router configurations or those who have not updated their devices in a long time are also at increased risk.
• windows / supply-chain: Monitor PowerShell execution for commands related to network configuration changes or attempts to access router interfaces. Check scheduled tasks for suspicious entries.
• linux / server: Monitor system logs (journalctl) for authentication failures or unusual activity on the router's web interface. Use ss or lsof to identify connections to port 80 or 443 from unexpected sources.
• generic web: Use curl to probe the /cgi-bin/lighttpd.cgi endpoint and examine the response headers for any anomalies. Review access and error logs for suspicious requests.
disclosure
patch
漏洞利用状态
EPSS
0.35% (57% 百分位)
CISA SSVC
CVSS 向量
The primary mitigation is to immediately upgrade affected LB-LINK routers to version 20250702.0.1 or later. If upgrading is not immediately feasible due to compatibility concerns or testing requirements, consider implementing temporary workarounds. While a direct WAF rule targeting the /cgi-bin/lighttpd.cgi endpoint is difficult without specific exploit patterns, restricting access to this endpoint from untrusted networks can reduce the attack surface. Monitor router logs for unusual activity or authentication attempts. After upgrading, confirm the fix by attempting to access the router's web interface with invalid credentials; authentication should be denied.
如果可用,请将您的 LB-LINK 路由器固件更新到 20250702 之后的版本以修复身份验证漏洞。如果不可用,请考虑更换为接收主动安全更新的设备。作为临时措施,禁用路由器 Web 界面对远程访问。
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2025-7574 is a critical vulnerability in LB-LINK routers allowing remote attackers to bypass authentication and gain unauthorized access.
If you are using a LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, or BL-WR9000 router running version 20250702 or earlier, you are potentially affected.
Upgrade your router to version 20250702.0.1 or later to mitigate the vulnerability. If upgrading is not possible, implement temporary workarounds like restricting access to the web interface.
While no confirmed exploitation campaigns are currently known, the public availability of the exploit increases the risk of exploitation.
Refer to the LB-LINK website for the official advisory regarding CVE-2025-7574.