CRITICAL🇵🇱 Wersja polska

CVE-2024-51431

CVSS 9.8v3.1pub. 2024-11-01upd. 2024-11-05

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.

🤖 AI Analysis
How it works

Hardcoded credentials are stored in the /etc/shadow file of the device's operating system and cannot be changed in the standard way. These passwords are weak and easy to guess, meaning an attacker can gain access to the device without any prior authorization. The attack vector is network-based and requires no privileges or user interaction.

Impact

An attacker can obtain full, unauthorized access to the device, resulting in complete loss of confidentiality, integrity and availability of the system, as well as the ability to take control of network traffic.

Mitigation & patch

Apply patches available from the manufacturer according to the references. It is also recommended to isolate the device from public network access and monitor unauthorized login attempts until the update is deployed.

Who is affected

LB-LINK BL-WR1300H Firmware version 1.0.4

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Lb Link Bl Wr1300h

    HW
    Lb-Link
    wszystkie wersje
  • Lb Link Bl Wr1300h Firmware

    OS
    Lb-Link
    1.0.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-29062CRITICAL9.8PL ✓ten sam vendor

RCE w LB-Link BL-AC2100 przez parametry set_LimitClient_cfg

CVE-2025-29063CRITICAL9.8PL ✓ten sam vendor

RCE w LB-Link BL-AC2100 — nieprawidłowa obsługa parametru enable

CVE-2024-33375CRITICAL9.8PL ✓ten sam vendor

LB-LINK BL-W1210M — przechowywanie danych uwierzytelniających w postaci jawnej

CVE-2023-26801CRITICAL9.8ten sam vendor

LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 we...

CVE-2026-4226HIGH7.4ten sam vendor

A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of ...