CVE-2025-7573 MEDIUM

CVE-2025-7573: LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure

Vendor Lb-Link
Product BL-AC1900
Weakness CWE-200 · Info exposure
Published July 14, 2025
Last update July 14, 2025
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This issue affects the function bs_GetManPwd in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

July 14, 2025 CVE published
July 14, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-0384 Video Conferencing with Zoom < 3.8.17 - E-mail Address Disclosure CVE-2025-53728 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability CVE-2023-45147 Arbitrary keys can be added to a topic's custom fields by any user in Discourse CVE-2026-30933 FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info CVE-2024-1405 Linksys WRT54GL Web Management Interface wlaninfo.htm information disclosure