Skip to main content

Bl Wr9000 CVE-2026-4226

| EUVDEUVD-2026-12367 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-03-16 VulDB
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
PoC Detected
Mar 20, 2026 - 18:21 vuln.today
Public exploit code
EUVD ID Assigned
Mar 16, 2026 - 09:00 euvd
EUVD-2026-12367
Analysis Generated
Mar 16, 2026 - 09:00 vuln.today
CVE Published
Mar 16, 2026 - 07:32 nvd
HIGH 8.8

DescriptionCVE.org

A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack Overflow's infrastructure contains a stack-based buffer overflow in a virtual configuration function that can be exploited remotely by authenticated attackers to achieve complete system compromise. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. An attacker with valid credentials can manipulate input to the vulnerable endpoint and execute arbitrary code with full system privileges.

Technical ContextAI

The vulnerability affects the LB-LINK BL-WR9000 router (CPE: cpe:2.3:a:lb-link:bl-wr9000:*:*:*:*:*:*:*:*), specifically version 2.4.9 as confirmed by EUVD-2026-12367. The root cause is a classic stack-based buffer overflow (CWE-121) where the application fails to properly validate input size before copying data to a fixed-size buffer on the stack. This occurs in the sub_44E8D0 function when processing requests to the /goform/get_virtual_cfg endpoint, likely related to virtual configuration management functionality in the router's web interface.

RemediationAI

No patch is currently available as the vendor has not responded to disclosure attempts. Organizations should immediately implement compensating controls including restricting network access to the router's management interface to trusted IP addresses only, disabling the vulnerable /goform/get_virtual_cfg endpoint if possible, and considering replacement with alternative router models from responsive vendors. Monitor the VulDB advisory at https://vuldb.com/?id.351149 for any future updates. Given the lack of vendor support, replacing affected devices should be strongly considered as a long-term solution.

Share

CVE-2026-4226 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy