Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-7564

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published

2025-07-14T03:15:24.557

Last Modified

2025-07-17T17:46:52.167

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.1

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-259
    CWE-798
  • Type: Primary
    CWE-798
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System lb-link bl-ac3600_firmware ≤ 1.0.22 Yes
Hardware lb-link bl-ac3600 - No
References