Skip to main content

Bl Wr9000 CVE-2026-4228

| EUVDEUVD-2026-12371 LOW
Command Injection (CWE-77)
2026-03-16 VulDB
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
6.3 (MEDIUM) 2.1 (LOW)
PoC Detected
Mar 20, 2026 - 18:19 vuln.today
Public exploit code
EUVD ID Assigned
Mar 16, 2026 - 09:00 euvd
EUVD-2026-12371
Analysis Generated
Mar 16, 2026 - 09:00 vuln.today
CVE Published
Mar 16, 2026 - 08:02 nvd
MEDIUM 6.3

DescriptionCVE.org

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Command injection in LB-LINK BL-WR9000 2.4.9 via the /goform/set_wifi endpoint allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code is available for this vulnerability, and no patch has been released by the vendor despite early disclosure notification.

Technical ContextAI

The vulnerability is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command, a.k.a. Command Injection). The affected product is the LB-LINK BL-WR9000 router (CPE: cpe:2.3:a:lb-link:bl-wr9000:*:*:*:*:*:*:*:*), specifically firmware version 2.4.9. The flaw resides in the web interface's /goform/set_wifi handler, which fails to properly sanitize user-supplied input before passing it to shell command execution. This allows an attacker with valid credentials to break out of intended command contexts and execute arbitrary system-level commands on the router's underlying Linux-based operating system.

RemediationAI

No official firmware patch is available from LB-LINK due to vendor non-responsiveness. Users should immediately upgrade to alternative router firmware or equipment from vendors with active security support. If continued use is unavoidable, restrict network access to the web administration interface (typically port 80/443) using firewall rules to permit only trusted IP ranges, change all default credentials, and disable remote administration features. Consider deploying the router behind a network segmentation boundary that limits its access to critical systems. Monitor exploit activity and maintain offline backups of critical configurations. Reference the VulDB advisory at https://vuldb.com/?id.351151 for additional technical context and community-contributed mitigations.

Share

CVE-2026-4228 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy