HIGH🇵🇱 Wersja polska

CVE-2026-4227

CVSS 7.4v4.0pub. 2026-03-16upd. 2026-03-20

A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Lb Link Bl Wr9000

    HW
    Lb-Link
    wszystkie wersje
  • Lb Link Bl Wr9000 Firmware

    OS
    Lb-Link
    2.4.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2023-26801CRITICAL9.8ten sam produkt

LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 we...

CVE-2026-4226HIGH7.4ten sam produkt

A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of ...

CVE-2026-4228LOW2.1ten sam produkt

W routerze LB-LINK BL-WR9000 w wersji 2.4.9 wykryto lukę w funkcji sub_458754 pliku /goform/set_wifi. Manipula...

CVE-2025-29062CRITICAL9.8PL ✓ten sam vendor

RCE w LB-Link BL-AC2100 przez parametry set_LimitClient_cfg

CVE-2025-29063CRITICAL9.8PL ✓ten sam vendor

RCE w LB-Link BL-AC2100 — nieprawidłowa obsługa parametru enable