Description
The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or verifying client identity. There are no session tokens, cookies, or unique identifiers in place. This flaw allows an attacker to obtain full administrative access simply by configuring their device to use the same IP address as a previously authenticated user. This results in a complete authentication bypass.
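To make the CWE-287 flaw above concrete, here is an added Python sketch (not the router firmware's code; the credentials, IP addresses and class names are constructed) contrasting an IP-keyed authorization check with a session design that issues a random per-login token carried in a cookie, so that a second client sharing the same source IP is not treated as the authenticated user:

```python
import secrets

# Constructed credentials for the demo only.
VALID_USER, VALID_PASS = "admin", "correct-horse"


class IpBoundSessions:
    """Weak design: authentication state is keyed only on the source IP."""

    def __init__(self):
        self._authenticated_ips = set()

    def login(self, client_ip, username, password):
        if username == VALID_USER and secrets.compare_digest(password, VALID_PASS):
            self._authenticated_ips.add(client_ip)
            return True
        return False

    def is_authorized(self, client_ip, cookies):
        # Cookies are ignored: any host with the same IP passes the check.
        return client_ip in self._authenticated_ips


class TokenBoundSessions:
    """Hardened design: a random session token issued at login, presented in a cookie."""

    def __init__(self):
        self._sessions = {}  # token -> client_ip the token was issued to

    def login(self, client_ip, username, password):
        if username == VALID_USER and secrets.compare_digest(password, VALID_PASS):
            token = secrets.token_urlsafe(32)  # 256 bits, unguessable
            self._sessions[token] = client_ip
            return token
        return None

    def is_authorized(self, client_ip, cookies):
        token = cookies.get("session")
        if token is None or token not in self._sessions:
            return False
        # The token is the identity; the IP comparison is only defense in depth.
        return self._sessions[token] == client_ip

    def logout(self, token):
        self._sessions.pop(token, None)
```

With the weak class, a request from the same IP with no cookie is authorized; with the token class, the same request is rejected unless it presents the token issued at login.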
References (2)
Core References
Exploit, Third Party Advisory
https://www.zyenra.com/blog/improper-ip-bound-session-authentication-in-lb-link-cpe300m
Scores
CVSS v3
8.8
EPSS
0.0041
EPSS Percentile
32.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-287
Status
published
Products (1)
lb-link/bl-cpe300m_firmware
Published
Sep 09, 2025
Tracked Since
Feb 18, 2026