What is CVE-2025-1608?

A medium-severity vulnerability in LB-LINK AC1900 Router can lead to OS command injection, allowing remote attacks. Immediate patching is recommended to mitigate risks.

What is the severity of CVE-2025-1608?

CVE-2025-1608 has a severity rating of MEDIUM with a CVSS base score of 5.3.

CVE-2025-1608 | Medium Vulnerability in LB-LINK AC1900 Router

A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd leads to OS command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

This vulnerability allows attackers to execute arbitrary commands on the affected device, which poses significant risks to security and privacy.

Risk to organizations includes unauthorized access and control over the network resources, making immediate remediation critical.

Organizations should prioritize patching immediately. The vulnerability has a CVSS score of 5.3, indicating a medium severity level, with an attack vector classified as network, and low attack complexity.

No public exploit is confirmed as of yet, but with the exploit being disclosed, organizations should remain vigilant and proactive in their security measures.

Vulnerability Details

The vulnerability affects LB-LINK AC1900 Router version 1.0.2, specifically within the function websGetVar located in /goform/set_manpwd. This vulnerability allows OS command injection through the routepwd argument.

The CVSS version 3.1 score for this vulnerability is 9.8, classified as critical, with high impacts on confidentiality, integrity, and availability.

The CWE classifications for this vulnerability include CWE-77 (Command Injection) and CWE-78 (OS Command Injection).

Technical Analysis

The root cause of this vulnerability stems from insufficient input validation in the function handling the routepwd argument. Attackers may leverage this flaw to inject arbitrary commands that the router will execute with its privileges.

The attack vector is network-based, requiring low complexity for exploitation, and no user interaction is necessary. The required privileges are low, meaning a potential attacker could exploit this vulnerability without needing a valid account.

The impacts on confidentiality, integrity, and availability are classified as low, indicating that while the risks are significant, they do not lead to catastrophic outcomes immediately.

Risk & Impact Analysis

Real-world deployment of this vulnerability presents risks that could allow attackers remote access to network resources. The potential blast radius includes any connected devices within the network, which increases the urgency for organizations to address this issue.

The CVSS score indicates a medium level of severity, but organizations should consider the context of their network and the potential for lateral movement and further exploitation.

Given the relatively low EPSS score of 0.008, there may be a lower likelihood of exploitation in the wild, but organizations should not dismiss the vulnerability, especially considering its critical classification.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version is LB-LINK AC1900 Router firmware 1.0.2. All versions prior to vendor patch may also be impacted.

Mitigation & Remediation

Organizations should address this vulnerability by applying the latest firmware updates provided by LB-LINK as soon as they are available.

If patches are not available, consider implementing network segmentation to limit exposure and applying additional firewall rules to restrict access to the router's management interface.

Monitoring network traffic for unusual activities around the router can also help detect potential exploitation attempts.

Continuous penetration testing can validate the effectiveness of these measures.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor logs for unusual access patterns to the router management interface, specifically looking for unexpected commands in request payloads.

Behavioral anomalies in user interactions with the router can also indicate potential exploitation.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability highlights the importance of secure coding practices in embedded systems. The pattern of command injection vulnerabilities continues to represent a prevalent risk in network devices.

Security teams should focus on proactive measures and regular assessments to identify vulnerabilities before they can be exploited. Implementing secure configurations and regular updates is essential.

Penetration testing methodologies can provide a framework for assessing security postures effectively.

Vulnerability management programs should be designed to continuously monitor and remediate findings in real-time.

API security testing should also be included to address similar vulnerabilities in web interfaces.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1608: Medium Vulnerability in LB-LINK AC1900 Router