Home
About Us
Services
Application Security
Web Application Penetration Testing
API Penetration Testing
Mobile Application Penetration Testing​
Source Code Reviews
Threat Modeling
Architecture Reviews
Infrastructure Security
Internal Network Penetration Testing
External Network Penetration Testing
Active Directory Security Assessments
Wireless Network Penetration Testing
Host Reviews
Firewall Configuration Reviews
Cloud Security
Cloud Configuration Reviews
Cloud Penetration Testing
Adversary Simulations
Red Teaming
Purple teaming
OSINT
Phishing Simulations
DevSecOps
Container Security
Kubernetes configuration reviews
Other
Managed Vulnerability Scanning
PCI DSS Security Assessments
Hardware Security Assessments
Smart Contracts Security Assessments
Managed SOC Services
Academy
Advisory
Blog
Media
Podcasts
Videos
Contact Us
Home
About Us
Services
Application Security
Web Application Penetration Testing
API Penetration Testing
Mobile Application Penetration Testing​
Source Code Reviews
Threat Modeling
Architecture Reviews
Infrastructure Security
Internal Network Penetration Testing
External Network Penetration Testing
Active Directory Security Assessments
Wireless Network Penetration Testing
Host Reviews
Firewall Configuration Reviews
Cloud Security
Cloud Configuration Reviews
Cloud Penetration Testing
Adversary Simulations
Red Teaming
Purple teaming
OSINT
Phishing Simulations
DevSecOps
Container Security
Kubernetes configuration reviews
Other
Managed Vulnerability Scanning
PCI DSS Security Assessments
Hardware Security Assessments
Smart Contracts Security Assessments
Managed SOC Services
Academy
Advisory
Blog
Media
Podcasts
Videos
Contact Us

Security Advisory – Multiple Vulnerabilities in LB-link BL-W1210M Router ​

Fox in red hoodie at workstation with multiple monitors and servers, symbolizing LB-Link BL-W1210M router vulnerabilities.
  • June 13, 2024
  • Hardware
  • Gaurav Choudhari

Routers form the backbone of modern digital infrastructure, enabling connectivity for homes, businesses, and entire networks. However, when vulnerabilities exist in these devices, they can quickly become gateways for attackers to exploit, compromise, and steal sensitive data.

In this blog, we examine multiple critical vulnerabilities identified in the LB-Link BL-W1210M router. These flaws range from weak password enforcement to insecure credential storage and clickjacking risks. Each issue represents a potential entry point for attackers to gain unauthorized access or fully compromise the device.

overview

Affected Version

  • Device: LB-Link BL-W1210M

  • Firmware Versions: V1.0.0 / Open-MATCH-V1.02 / V1.2.8

Vulnerability Details:

1. Password Policy Bypass / Inconsistent Password Policy (CVE-2024-33373)

  • Description: Attackers can bypass password complexity checks, allowing extremely weak credentials (e.g., a single digit).
  • Impact: Simplifies brute-force attacks, enabling unauthorized administrative access.
  • Mitigation: Upgrade to the latest available firmware.
  • Proof of Concept: Weak Base64-encoded passwords were easily cracked during testing.
admin password
Password Policy Bypass

2. Incorrect Access Control (CVE-2024-33374)

  • Description: Insecure access control within the UART/Serial interface provides unauthenticated users with root terminal access.
  • Impact: Attackers can seize full control of the device, risking total compromise.
  • Mitigation: Apply the latest firmware update.
  • Proof-of-Concept: Our test unit produced root access logs after simply pressing the Enter key during boot.
root my blink
Incorrect Access Control

3. Credentials Stored in Cleartext (CVE-2024-33375)

  • Description: User credentials are stored in plaintext within the firmware.
  • Impact: Extracted credentials can be leveraged for unauthorized access.
  • Mitigation: Apply the latest firmware update.
  • Proof-of-Concept: Unencrypted credentials such as USER1 and USER2 were recovered directly from the firmware.
credentials stored in cleartext
Credentials stored in Cleartext
Unencrypted Credentials

4. Clickjacking Vulnerability (CVE-2024-33377)

  • Description: The Administrator login page is susceptible to clickjacking via crafted web elements.
  • Impact: Attackers can trick users into executing unintended actions or redirect them to malicious sites.
  • Mitigation: Upgrade to the latest firmware.
  • Proof-of-Concept: The login page can be embedded inside a transparent iframe without restrictions.
clickhijacking
Clickjacking

5. Outdated JavaScript Library

  • Description: The web interface uses an outdated Axios library (v0.21.0) affected by known vulnerabilities including Inefficient Regex Complexity and SSRF (CVE-2021-3749, CVE-2020-28168).
  • Impact: Attackers could exploit these flaws to compromise system stability and security.
  • Mitigation: Update to the latest available firmware.
  • Proof-of-Concept: The presence of axios.min.js v0.21.0 was confirmed.
Outdated JavaScript Library - axios.min.js
Outdated JavaScript Library - axios.min.js

6. Missing HTTP-Only Flag on Cookies

  • Description: The “sysauth” cookie lacks the HTTP-Only flag, leaving it exposed to client-side scripts.
  • Impact: Increases the risk of session hijacking through malicious JavaScript.
  • Mitigation: Upgrade to the latest firmware.
  • Proof-of-Concept: Authentication cookies remained accessible to client-side scripts after administrator login.
HTTP-Only flag not set on "sysauth" Cookie
HTTP-Only flag not set on "sysauth" Cookie

Broader Implications

These vulnerabilities highlight several recurring issues in embedded device security:

  • Weak authentication mechanisms expose devices to brute-force and credential-stuffing attacks.

  • Poorly implemented access controls allow attackers to bypass restrictions entirely.

  • Failure to encrypt sensitive data such as credentials is an ongoing concern across IoT and networking devices.

  • Outdated dependencies remain a silent but dangerous attack vector.

  • Neglected secure development practices (e.g., missing cookie flags, lack of anti-clickjacking measures) leave users exposed to client-side threats.

Given how routers often sit at the perimeter of networks, these flaws could provide attackers with direct access to internal systems, potentially affecting an entire organization.

Conclusion

The vulnerabilities uncovered in the LB-Link BL-W1210M router represent significant threats, ranging from credential theft to full device takeover. Attackers could exploit these weaknesses to gain complete control of a network environment.

Immediate Action For Users:

  • Update to the latest available firmware.

  • Change default or weak passwords immediately.

  • Limit physical access to devices wherever possible.

  • Consider network segmentation to reduce exposure in case of compromise.

At Redfox Security, we specialize in uncovering these types of risks before attackers can exploit them. Our team can help assess vulnerabilities in your infrastructure and provide tailored remediation strategies.

Take action today—strengthen your defenses, secure your infrastructure, and protect your data. Explore our expert consulting services as well as our comprehensive security training programs to build in-house expertise and resilience against evolving threats.

Recent Blog

September 09, 2025
Is APK Decompilation Legal? What You Need To Know
September 06, 2025
When Hackers Hit the Road: The Jaguar Land Rover Cyberattack 
September 05, 2025
This Is the Hacker’s Swiss Army Knife. Have You Heard About It?

Follow Us

Youtube X-twitter Facebook Instagram Linkedin Github Medium

Delaware Office

Redfox Cyber Security Inc.
8 The Green, Ste. A, Dover,
Delaware 19901,
United States.

info@redfoxsec.com

Quick Menu

Legal

Newsletter

Success
Thank you! Form submitted successfully.
This field is required

©️2025 Redfox Cyber Security Inc. All rights reserved.