CVE-2025-9580 | LB-LINK BL-X26 1.2.8 HTTP /goform/set_blacklist mac os command injection

A vulnerability classified as critical was found in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection.

This vulnerability is uniquely identified as CVE-2025-9580. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More