VYPR

LV-WR21Q

by Pix-Link

CVEs (2)

  • CVE-2025-12387MedJan 27, 2026
    risk 0.45cvss epss 0.01

    A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service (DoS) by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js…

  • CVE-2025-12386MedJan 27, 2026
    risk 0.45cvss epss 0.01

    Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but…