CVE-2025-1610
Published: 24 February 2025
Description
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
Security Summary
CVE-2025-1610 is a critical vulnerability in the LB-LINK AC1900 Router version 1.0.2, affecting the websGetVar function within the /goform/set_blacklist file. The issue enables OS command injection through manipulation of the mac/enable argument and is classified under CWE-77 and CWE-78.
The vulnerability is exploitable remotely (AV:N) by low-privileged users (PR:L) with low attack complexity (AC:L) and no user interaction (UI:N), resulting in low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L). It carries a CVSS v3.1 base score of 6.3.
Advisories referenced in VulDB entries and a Notion site detail the public disclosure of an exploit. The vendor was contacted early about the issue but provided no response, and no patches or mitigations are specified.
The exploit has been disclosed publicly and may be used in attacks.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remote OS command injection in the router's public-facing web interface (/goform/set_blacklist), enabling exploitation of public-facing applications (T1190) and indirect command execution via the manipulated web parameters (T1202).