| 标题 | LB-LINK BL-WR9000 V2.4.9 Command Injection |
|---|
| 描述 | The BLINK WR9000 router has a command injection vulnerability. The vulnerability exists in the libshare-0.0.26.so shared library, which is called by the /bin/goahead file. Because the underlying process handling WiFi configurations fails to strictly validate external input parameters and directly concatenates them into strings that execute underlying system commands, an attacker can execute arbitrary remote system commands with the highest privileges or take over the device. |
|---|
| 来源 | ⚠️ https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_wlanpswencry%20command%20injection_EN.md |
|---|
| 用户 | jfkk (UID 79868) |
|---|
| 提交 | 2026-03-04 08時41分 (2 月前) |
|---|
| 管理 | 2026-03-15 19時41分 (11 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 351151 [LB-LINK BL-WR9000 2.4.9 /goform/set_wifi sub_458754 权限提升] |
|---|
| 积分 | 20 |
|---|