Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Command injection in LB-LINK BL-WR9000 2.4.9 via the /goform/set_wifi endpoint allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code is available for this vulnerability, and no patch has been released by the vendor despite early disclosure notification.
Technical ContextAI
The vulnerability is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command, a.k.a. Command Injection). The affected product is the LB-LINK BL-WR9000 router (CPE: cpe:2.3:a:lb-link:bl-wr9000:*:*:*:*:*:*:*:*), specifically firmware version 2.4.9. The flaw resides in the web interface's /goform/set_wifi handler, which fails to properly sanitize user-supplied input before passing it to shell command execution. This allows an attacker with valid credentials to break out of intended command contexts and execute arbitrary system-level commands on the router's underlying Linux-based operating system.
RemediationAI
No official firmware patch is available from LB-LINK due to vendor non-responsiveness. Users should immediately upgrade to alternative router firmware or equipment from vendors with active security support. If continued use is unavoidable, restrict network access to the web administration interface (typically port 80/443) using firewall rules to permit only trusted IP ranges, change all default credentials, and disable remote administration features. Consider deploying the router behind a network segmentation boundary that limits its access to critical systems. Monitor exploit activity and maintain offline backups of critical configurations. Reference the VulDB advisory at https://vuldb.com/?id.351151 for additional technical context and community-contributed mitigations.
Remote code execution in LB-LINK BL-WR9000 2.4.9 via buffer overflow in the /goform/get_hidessid_cfg endpoint allows aut
Stack Overflow's infrastructure contains a stack-based buffer overflow in a virtual configuration function that can be e
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12371