| Title | Blink BL-AX5400P V1.0.19、BL-AX1800 V1.0.19、BL-AC3600 V1.0.22、BL-WR9000 V2.4.9、BL-AC1900 V1.0.2、BL-AC2100_AZ3 V1.0.4 BL-AX5400P V1.0.19、BL-AX1800 V1.0.19、BL-AC3600 V1.0.22、BL-WR9000 V2.4.9、BL-AC1900 V1.0.2、BL-AC2100_AZ3 V1.0.4 Incorrect |
|---|
| Description | The Blink router's Web management interface contains a serious vulnerability of unverified identity permissions for sensitive operations. This vulnerability is not about bypassing existing authentication mechanisms, but rather the failure to verify the requester's identity and permissions when handling specific sensitive operations. Attackers can execute sensitive operations such as restart and factory reset through simple HTTP requests, leading to network service interruption and configuration data loss. |
|---|
| Source | ⚠️ https://github.com/waiwai24/0101/blob/main/CVEs/Blink/Privilege_Control_Defect_in_Blink_Router_Web_Interface_Permits_Arbitrary_Sensitive_Operation_Execution.md |
|---|
| User | waiwai24 (UID 81637) |
|---|
| Submission | 07/02/2025 19:34 (12 months ago) |
|---|
| Moderation | 07/13/2025 09:16 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 316272 [LB-LINK BL-WR9000 up to 20250702 Web Interface /cgi-bin/lighttpd.cgi reboot/restore improper authentication] |
|---|
| Points | 20 |
|---|