Unrated severityNVD Advisory· Published Mar 26, 2023· Updated May 5, 2025
CVE-2023-26801
CVE-2023-26801
Description
LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg.
Affected products
5Patches
Vulnerability mechanics
References
2News mentions
2- What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th)SANS Internet Storm Center · Jun 25, 2026
- RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning ExploitsTrend Micro Research · Oct 9, 2025