CVE-2025-1608 in AC1900 Routerinfo

Summary

by MITRE • 02/24/2025

A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd  leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 02/24/2025

This critical vulnerability exists in the LB-LINK AC1900 Router version 1.0.2 and represents a severe os command injection flaw within the web interface. The vulnerability is located in the websGetVar function of the /goform/set_manpwd file, where the routepwd parameter is improperly handled without adequate input validation or sanitization. This allows attackers to inject malicious operating system commands directly through the web interface, bypassing normal authentication mechanisms and potentially gaining full control over the router's underlying operating system. The vulnerability's remote exploitability means that attackers can leverage this flaw from outside the local network without requiring physical access or prior authentication credentials.

The technical nature of this vulnerability aligns with CWE-77 and CWE-94, which specifically address command injection flaws where user-supplied data is directly incorporated into operating system commands without proper validation or escaping. This type of vulnerability falls under the ATT&CK technique T1059.001 for Command and Scripting Interpreter, enabling attackers to execute arbitrary commands on the affected device. The flaw essentially allows an attacker to escalate privileges and potentially establish persistent access to the network infrastructure through the compromised router.

The operational impact of this vulnerability extends far beyond simple unauthorized access, as routers serve as critical network gateways that control traffic flow and network security policies. Successful exploitation could enable attackers to redirect network traffic, implement man-in-the-middle attacks, disable security features, or use the compromised router as a pivot point to launch attacks against other devices on the internal network. Given that the exploit has been publicly disclosed and is believed to be actively used, the risk to affected networks is immediate and significant, particularly in environments where network security is not properly segmented or monitored.

Organizations affected by this vulnerability should implement immediate mitigations including disabling remote management features on the router, applying any available firmware updates from the vendor despite the lack of vendor response, and implementing network segmentation to limit the potential impact of compromise. Network monitoring should be enhanced to detect unusual traffic patterns or command execution attempts. Additionally, administrators should consider implementing firewall rules that restrict access to the router's web management interface to trusted IP addresses only, and establish regular vulnerability scanning procedures to identify similar flaws in other network infrastructure devices. The absence of vendor response highlights the importance of maintaining awareness of third-party security advisories and having contingency plans for unsupported devices.

Responsible

VulDB

Disclosure

02/24/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.10113

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!