| عنوان | LB-LINK BL-WR9000 V2.4.9 Command Injection |
|---|
| الوصف | The BLINK WR9000 router has a command injection vulnerability. The vulnerability exists in the libshare-0.0.26.so shared library, which is called by the /bin/goahead file. Because the underlying process handling WiFi configurations fails to strictly validate external input parameters and directly concatenates them into strings that execute underlying system commands, an attacker can execute arbitrary remote system commands with the highest privileges or take over the device. |
|---|
| المصدر | ⚠️ https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_wlanpswencry%20command%20injection_EN.md |
|---|
| المستخدم | jfkk (UID 79868) |
|---|
| ارسال | 04/03/2026 08:41 AM (2 أشهر منذ) |
|---|
| الاعتدال | 15/03/2026 07:41 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 351151 [LB-LINK BL-WR9000 2.4.9 /goform/set_wifi sub_458754 تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|