CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-33375

CVSS 9.8v3.1pub. 2024-06-14upd. 2025-05-30

LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware.

🤖 AI Analysis
How it works

The router firmware does not apply any encryption or hashing mechanism to protect stored authentication data. A person who gains access to the firmware file — for example through extraction from flash memory, firmware image download, or another vulnerability on the same device — can read passwords in plaintext without needing to crack them. CWE-256 (Plaintext Storage of a Password) confirms the lack of any cryptographic protection of stored credentials.

Impact

An attacker can obtain complete authentication credentials for the router, leading to takeover of the device, modification of its network configuration, and potential lateral movement within the local network.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. Additionally, it is recommended to change all passwords configured on the device and restrict physical and network access to the router's management interface until the patch is deployed.

Who is affected

LB-LINK BL-W1210M Firmware version 2.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Lb Link Bl W1210m

    HW
    Lb-Link
    2.0
  • Lb Link Bl W1210m Firmware

    OS
    Lb-Link
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-33377HIGH8.1ten sam produkt

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page...

CVE-2024-33373MEDIUM6.3ten sam produkt

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and ...

CVE-2025-29063CRITICAL9.8PL ✓ten sam vendor

RCE w LB-Link BL-AC2100 — nieprawidłowa obsługa parametru enable

CVE-2025-29062CRITICAL9.8PL ✓ten sam vendor

RCE w LB-Link BL-AC2100 przez parametry set_LimitClient_cfg

CVE-2024-51431CRITICAL9.8PL ✓ten sam vendor

Zakodowane na stałe dane uwierzytelniające w routerze LB-LINK BL-WR1300H