CVE-2025-1608

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Feb 24, 2025

CWE ID 78

CWE ID 77

Summary

CVE-2025-1608 is a critical vulnerability affecting the LB-LINK AC1900 Router 1.0.2. This issue lies in the websGetVar function of the set_manpwd file. Manipulation of the routepwd argument can lead to os command injection, which an attacker can exploit remotely. The exploit for this vulnerability has been made public, increasing the risk for potential attacks. Despite early disclosure to the vendor, they have not responded with any mitigation efforts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3oyxz_
https://www.cve.org/CVERecord?id=CVE-2025-1608
https://nvd.nist.gov/vuln/detail/CVE-2025-1608

Back to Vulnerability Database

CVE-2025-1608

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations