CVE-2023-26801
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
26/03/2023
Last modified:
05/05/2025
Description
LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:lb-link:bl-lte300_firmware:1.0.8:*:*:*:*:*:*:* | ||
cpe:2.3:h:lb-link:bl-lte300:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:lb-link:bl-x26_firmware:1.2.5:*:*:*:*:*:*:* | ||
cpe:2.3:h:lb-link:bl-x26:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:lb-link:bl-wr9000_firmware:2.4.9:*:*:*:*:*:*:* | ||
cpe:2.3:h:lb-link:bl-wr9000:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:lb-link:bl-ac1900_firmware:1.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:h:lb-link:bl-ac1900:2.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/winmt/my-vuls/tree/main/LB-LINK%20BL-AC1900%2C%20BL-WR9000%2C%20BL-X26%20and%20BL-LTE300%20Wireless%20Routers
- https://www.akamai.com/blog/security-research/cve-2023-26801-exploited-spreading-mirai-botnet
- https://github.com/winmt/my-vuls/tree/main/LB-LINK%20BL-AC1900%2C%20BL-WR9000%2C%20BL-X26%20and%20BL-LTE300%20Wireless%20Routers