How severe is CVE-2025-1608?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2025-1608?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2025-1608 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-9873

MEDIUM

CVSS:6.3(Medium)

EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authentic...

CWE-772016

CVE-2017-12329

MEDIUM

CVSS:6.3(Medium)

A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulne...

CWE-772017

CVE-2017-12330

MEDIUM

CVSS:6.3(Medium)

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation ...

CWE-772017

CVE-2017-12335

MEDIUM

CVSS:6.3(Medium)

CWE-772017

CVE-2019-20702

MEDIUM

CVSS:6.3(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CWE-772019

CVE-2019-20703

MEDIUM

CVSS:6.3(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CWE-772019