Tang BingCheng

2 exploits Active since Sep 2025
CVE-2025-57685 WRITEUP HIGH WRITEUP
LB-Link routers - Command Injection
The LB-Link routers, including the BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8 v1.2.8, and BL-LTE300_DA4 V1.2.3 models, are vulnerable to unauthorized command injection. Attackers can exploit this vulnerability by accessing the /goform/set_serial_cfg interface to gain the highest level of device privileges without authorization, enabling them to remotely execute malicious commands.
CVSS 8.8
CVE-2025-9935 WRITEUP HIGH WRITEUP
TOTOLINK N600R 4.3.0cu.7866_B20220506 - Unauthenticated Command Injection via cstecgi.cgi
A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 7.3