CVE-2025-4076 – LB-LINK BL-AC3600 Password Handler Command Injection Vulnerability

April 29, 2025

CVE ID : CVE-2025-4076

Published : April 29, 2025, 6:15 p.m. | 52 minutes ago

Description : A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4095 – Docker Desktop MacOS Registry Access Bypass Vulnerability

Next Article CVE-2025-4075 – VMSMan Cross Site Scripting Vulnerability

Highlights

CVE-2025-42992 – SAPCAR Privilege Escalation Vulnerability

July 7, 2025

CVE ID : CVE-2025-42992

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system.

Severity: 6.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Optimizely Mission Control – Part III

Optimizely Mission Control – Part III

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

DistroWatch Weekly, Issue 1139

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

Dmitry — The Deep Magic

CVE-2025-4076 – LB-LINK BL-AC3600 Password Handler Command Injection Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-8831 – Linksys Wireless Router Remote Management Stack Buffer Overflow Vulnerability

Master Reactivity in React: Derivations, Effects, and State Synch

Q&A: A roadmap for revolutionizing health care through data-driven innovation

Kanidm – simple and secure identity management

CVE-2025-42992 – SAPCAR Privilege Escalation Vulnerability

CVE-2025-8826 – Linksys Wireless Router Stack-Based Buffer Overflow Vulnerability

CVE-2025-20213 – Cisco Catalyst SD-WAN Manager Local File System Overwrite Vulnerability

CVE-2025-53633 – Chall-Manager Zip Bomb Vulnerability

CVE-2025-4076 – LB-LINK BL-AC3600 Password Handler Command Injection Vulnerability

Related Posts