anonhaven
Ad

CVE-2026-4227

HIGH CVSS 4.0: 7.4 EPSS 0.14%
Updated Mar 20, 2026
Lb-Link
Parameter Value
CVSS 7.4 (HIGH)
Type CWE-125 (Out-of-bounds Read), CWE-119 (Buffer Overflow), CWE-120 (Buffer Copy without Checking Size)
Vendor Lb-Link
Public PoC No

A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow.

It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-125 Out-of-bounds Read
CWE-119 Buffer Overflow
CWE-120 Buffer Copy without Checking Size

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Lb-Link Bl-Wr9000_Firmware
cpe:2.3:o:lb-link:bl-wr9000_firmware:2.4.9:*:*:*:*:*:*:*
Lb-Link Bl-Wr9000
cpe:2.3:h:lb-link:bl-wr9000:-:*:*:*:*:*:*:*

References 4

https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_HideSSID%2…
cna@vuldb.com
https://vuldb.com/?ctiid.351150
cna@vuldb.com
https://vuldb.com/?id.351150
cna@vuldb.com
https://vuldb.com/?submit.771209
cna@vuldb.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-4228

Lb-Link

5.3

CVE-2026-4226

Lb-Link

7.4

CVE-2025-1610

Lb-Link

5.3

CVE-2025-1609

Lb-Link

5.3

CVE-2025-1608

Lb-Link

5.3