CVE-2025-7574 | EUVD-2025-21310
Severity: CRITICAL 9.8 (CVSS 3.1)
Published: 2025-07-14
Source: [email protected]

CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (4 events)

- Analysis Generated: Mar 16, 2026 09:43 (vuln.today)
- EUVD ID Assigned: Mar 16, 2026 09:43 (euvd), EUVD-2025-21310
- PoC Detected: Jul 15, 2025 13:14 (vuln.today), public exploit code
- CVE Published: Jul 14, 2025 05:15 (nvd)

Description (NVD)

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

CVE-2025-7574 is a critical authentication bypass vulnerability in LB-LINK wireless router web interfaces affecting multiple models (BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, BL-WR9000) up to version 20250702. The vulnerability in the /cgi-bin/lighttpd.cgi reboot/restore functions allows unauthenticated remote attackers to achieve complete system compromise with high confidentiality, integrity, and availability impact (CVSS 9.8). A public exploit has been disclosed, the vendor has not responded to responsible disclosure efforts, and the attack requires no user interaction or special network conditions.

Technical Context (AI)

The vulnerability is an improper authentication control (CWE-287: Improper Authentication) in the lighttpd web server CGI handler on LB-LINK routers. Specifically, the /cgi-bin/lighttpd.cgi endpoint does not properly validate user credentials before processing critical administrative functions (the reboot and restore operations). Lighttpd is a lightweight HTTP daemon commonly used in embedded devices and routers. The affected CPE products are LB-LINK wireless routers with 802.11ac and 802.11ax (WiFi 6) capabilities, i.e. consumer-grade networking equipment whose web management interface may be exposed to the internet. The root cause is a missing or bypassable authentication check that should gate access to sensitive system operations, so any attacker who can reach the web interface can invoke privileged functions without a valid session token or credentials.

Remediation (AI)

Immediate actions:

1. Identify all LB-LINK routers (listed models) in your network using asset discovery tools.
2. Isolate affected devices to trusted networks only: restrict web management interface access via firewall rules to administrative subnets, disable remote management, and disable UPnP/WAN access if enabled.
3. Monitor for suspicious access to /cgi-bin/lighttpd.cgi with tools like web access logs or SIEM rules.
4. Contact LB-LINK support to request firmware patches, though vendor non-responsiveness suggests patches may not be forthcoming.
5. Consider replacing devices with routers from responsive vendors offering security updates.
6. Implement network segmentation to contain potential breaches.
7. Change router admin credentials to complex passwords and disable default accounts.
8. Disable web interface access if not actively needed.

No legitimate vendor patch is currently available as of the disclosure date. If patches are released, update firmware immediately to a version > 20250702.
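The monitoring step above (watch web access logs for requests to /cgi-bin/lighttpd.cgi) can be turned into a small detection pass over the router's or an upstream proxy's access log. The following is an added example written for this page, not code from vuln.today, NVD or LB-LINK. It assumes Combined Log Format lines, a hypothetical administrative subnet of 192.168.1.0/24, and that the reboot/restore functions named in the advisory show up as those keywords in the request URI; the sample log lines are constructed. It flags any hit on the management endpoint from outside the admin subnet, and any request that references the reboot/restore functions regardless of source, since the advisory is about those calls going through unauthenticated.

```python
import ipaddress
import re

# Hypothetical admin subnet: only hosts here should touch the management interface.
ADMIN_SUBNET = ipaddress.ip_network("192.168.1.0/24")

# Endpoint named in the advisory. The keyword list is an assumption about how the
# affected reboot/restore functions appear in a logged request line.
TARGET_PATH = "/cgi-bin/lighttpd.cgi"
SENSITIVE_KEYWORDS = ("reboot", "restore")

# Combined Log Format: ip ident user [timestamp] "METHOD URI PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry, admin_subnet=ADMIN_SUBNET):
    """Return the reasons an entry deserves review; an empty list means nothing notable."""
    reasons = []
    uri = entry["uri"]
    if not uri.startswith(TARGET_PATH):
        return reasons
    try:
        src = ipaddress.ip_address(entry["ip"])
    except ValueError:
        reasons.append("unparseable source address")
        return reasons
    if src not in admin_subnet:
        reasons.append("management endpoint reached from outside admin subnet")
    if any(k in uri.lower() for k in SENSITIVE_KEYWORDS):
        reasons.append("request references reboot/restore function")
    return reasons


def scan(lines, admin_subnet=ADMIN_SUBNET):
    """Run classify() over raw log lines; returns (ip, uri, reasons) for each finding."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # skip malformed lines rather than abort the whole pass
        reasons = classify(entry, admin_subnet)
        if reasons:
            findings.append((entry["ip"], entry["uri"], reasons))
    return findings


# Constructed sample log: one benign admin session, one external source, one internal
# host calling the restore function.
SAMPLE_LOG = [
    '192.168.1.10 - - [14/Jul/2025:05:15:01 +0000] "GET / HTTP/1.1" 200 512',
    '192.168.1.10 - - [14/Jul/2025:05:16:20 +0000] "GET /cgi-bin/lighttpd.cgi?page=status HTTP/1.1" 200 1024',
    '203.0.113.45 - - [14/Jul/2025:05:17:03 +0000] "POST /cgi-bin/lighttpd.cgi HTTP/1.1" 200 88',
    '203.0.113.45 - - [14/Jul/2025:05:17:05 +0000] "GET /cgi-bin/lighttpd.cgi?action=reboot HTTP/1.1" 200 60',
    '192.168.1.20 - - [14/Jul/2025:05:18:00 +0000] "GET /cgi-bin/lighttpd.cgi?action=restore HTTP/1.1" 200 60',
]

if __name__ == "__main__":
    for ip, uri, reasons in scan(SAMPLE_LOG):
        print(f"{ip} {uri}: {'; '.join(reasons)}")
```

On the sample log this reports three entries: the two external hits on the endpoint (the second also matching the reboot keyword) and the internal restore call. A benign status-page request from the admin subnet is not reported, which is the point of keying the first rule on source subnet rather than on the endpoint alone.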
