Submit #608009: Blink BL-AX5400P V1.0.19、BL-AX1800 V1.0.19、BL-AC3600 V1.0.22、BL-WR9000 V2.4.9、BL-AC1900 V1.0.2、BL-AC2100_AZ3 V1.0.4 BL-AX5400P V1.0.19、BL-AX1800 V1.0.19、BL-AC3600 V1.0.22、BL-WR9000 V2.4.9、BL-AC1900 V1.0.2、BL-AC2100_AZ3 V1.0.4 Exposure info

TitelBlink BL-AX5400P V1.0.19、BL-AX1800 V1.0.19、BL-AC3600 V1.0.22、BL-WR9000 V2.4.9、BL-AC1900 V1.0.2、BL-AC2100_AZ3 V1.0.4 BL-AX5400P V1.0.19、BL-AX1800 V1.0.19、BL-AC3600 V1.0.22、BL-WR9000 V2.4.9、BL-AC1900 V1.0.2、BL-AC2100_AZ3 V1.0.4 Exposure
BeschreibungMultiple Blink routers contain a severe information disclosure vulnerability in the bs_GetHostInfo function within the libblinkapi.so shared library. When processing gethostinfo requests, this function directly returns a large amount of sensitive information to the client, including the administrator's plaintext password.After obtaining administrator privileges, attackers can perform the following malicious operations.Modify any router configuration, such as Wi-Fi passwords, DNS settings, etc.
Quelle⚠️ https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Information_Exposure_Vulnerabilities_in_Various_Blink_Router_Models.md
Benutzer
 waiwai24 (UID 81637)
Einreichung02.07.2025 19:19 (vor 12 Monaten)
Moderieren13.07.2025 09:16 (11 days later)
StatusAkzeptiert
VulDB Eintrag316270 [LB-LINK BL-WR9000 bis 20250702 /cgi-bin/lighttpd.cgi bs_GetHostInfo Information Disclosure]
Punkte20

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!