Security Advisory – Multiple Vulnerabilities in LB-Link BL-W1210M Router

Overview:

Our security research identified several vulnerabilities, some of them critical, in the LB-Link BL-W1210M router. Together they allow an attacker with network or physical access to bypass the password policy, obtain a root shell over the serial console, recover credentials from the firmware, and hijack administrator sessions through the web interface.


Affected Versions

  • Device: LB-Link BL-W1210M

  • Firmware Versions: V1.0.0 / Open-MATCH-V1.02 / V1.2.8

Vulnerability Details:

1. Password Policy Bypass / Inconsistent Password Policy (CVE-2024-33373)

  • Description: The password-change routine accepts passwords that violate its own complexity rules, down to a single digit. A password that short is exhausted by an online guessing attack in at most ten attempts, so the complexity check provides no protection.
  • Impact: Weak password enforcement could allow unauthorized users to gain administrative access, compromising router security.
  • Mitigation: Update to the latest available firmware. Until then, set a long, randomly generated administrator password yourself, since the device will not refuse a weak one.
  • Proof of Concept: The credential observed in the login request is only Base64-encoded. Base64 is a reversible encoding, not encryption, so the weak password is recovered simply by decoding it.
[Screenshot: admin password / Password Policy Bypass]
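The following Python is an added example to illustrate the finding; it is not code from the advisory or from the vendor's firmware. It decodes a constructed Base64 credential to show that the encoding hides nothing, enforces the kind of server-side password policy the device lacks (the thresholds are assumptions), and shows that even an unsalted hash of a single-digit password falls in at most ten guesses. The assumed mechanism is that the firmware trusts a browser-side check and stores whatever the client sends; the advisory does not say how the bypass works.

```python
import base64
import hashlib
import string
from typing import List, Optional, Tuple

# Constructed sample, not captured from the device: the login request is
# assumed to carry Base64("user:password"); the user name and the
# single-digit password are made up for this example.
SAMPLE_CREDENTIAL_B64 = base64.b64encode(b"admin:7").decode()

# Policy the firmware should enforce server-side. The thresholds are
# assumptions for this example; the advisory does not state the vendor's rules.
MIN_LENGTH = 12
MIN_CLASSES = 3
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def decode_credential(encoded: str) -> Tuple[str, str]:
    """Base64 is a reversible encoding, not encryption: split user:password."""
    raw = base64.b64decode(encoded).decode("utf-8", errors="replace")
    user, _, password = raw.partition(":")
    return user, password


def password_policy_errors(password: str, username: str = "") -> List[str]:
    """Return the rules a candidate password violates; empty means accepted."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    present = [name for name, chars in CLASSES.items()
               if any(c in chars for c in password)]
    if len(present) < MIN_CLASSES:
        errors.append(f"uses {len(present)} character class(es), needs {MIN_CLASSES}")
    if username and username.lower() in password.lower():
        errors.append("contains the user name")
    return errors


def set_password_hardened(username: str, password: str) -> bool:
    """Server-side gate: refuse the change unless the policy passes. A device
    that only checks in the browser accepts anything the client sends."""
    return not password_policy_errors(password, username)


def sha256_hex(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def guess_single_digit(stored_sha256_hex: str) -> Optional[str]:
    """Even an unsalted hash of a single-digit password falls in ten guesses."""
    for guess in string.digits:
        if sha256_hex(guess) == stored_sha256_hex:
            return guess
    return None


if __name__ == "__main__":
    user, pw = decode_credential(SAMPLE_CREDENTIAL_B64)
    print(f"decoded credential: {user}:{pw}")
    print("hardened handler accepts:", set_password_hardened(user, pw),
          password_policy_errors(pw, user))
    print("recovered from hash:", guess_single_digit(sha256_hex(pw)))
```

The policy check has to live on the device, not in the page's JavaScript: anything enforced only in the browser can be skipped by sending the form request directly.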

2. Incorrect Access Control (CVE-2024-33374)

  • Description: The UART serial console does not require authentication: pressing Enter during boot drops straight into a root shell, giving anyone with physical access to the board's serial header full control of the device.
  • Impact: An attacker at the console has complete control over the device, leading to data theft or full compromise.
  • Mitigation: Update to the latest available firmware. Exploitation requires physical access to the serial header, so restricting physical access to the device also limits exposure.
  • POC: Our test device provided the following log output during boot after the Enter key was pressed:
[Screenshot: root my blink / Incorrect Access Control]

3. Credentials Stored in Cleartext / Unencrypted Credentials (CVE-2024-33375)

  • Description: User credentials are stored in plaintext within the router's firmware, so anyone who obtains a copy of the firmware can read them without any cracking.
  • Impact: If extracted, these credentials could be used for unauthorized access. If the values are baked into the image rather than set per device, they work on every unit running that image.
  • Mitigation: Update to the latest available firmware.
  • Proof of Concept: Credentials labelled USER1 and USER2 were found unencrypted in the firmware.
[Screenshot: Credentials stored in cleartext / Unencrypted Credentials]
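As an added example (not code from the advisory or the vendor), the Python below runs a strings-style scan over a constructed firmware fragment to pull out cleartext USER1/USER2-style records, then shows the hardened alternative of storing a salted PBKDF2 hash and verifying against it. The record layout, account names, passwords and iteration count are assumptions for the example.

```python
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

# Constructed firmware fragment, not a dump of the device: filler bytes with
# credential records embedded the way a cleartext store would appear. The
# record format, account names and passwords are assumptions for this example.
FIRMWARE_BLOB = (
    bytes.fromhex("2705195600001234") + b"\xff" * 16
    + b"USER1=admin:Passw0rd!\x00"
    + b"USER2=guest:guest123\x00"
    + b"\x00" * 8 + b"\x7fELF" + b"\x90" * 16
)

# NAME=user:secret records terminated by NUL (assumed layout)
CRED_RE = re.compile(rb"(USER\d+)=([^\x00:]+):([^\x00]+)\x00")

PBKDF2_ITERATIONS = 600_000  # assumed work factor for the hardened record


def find_credential_records(blob: bytes) -> List[Tuple[str, str, str]]:
    """strings-style scan: every (name, user, secret) record in the image."""
    return [(m[1].decode(), m[2].decode(), m[3].decode(errors="replace"))
            for m in CRED_RE.finditer(blob)]


def make_hashed_record(name: str, user: str, password: str,
                       salt: Optional[bytes] = None) -> bytes:
    """Hardened form: store a salted PBKDF2-SHA256 hash, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{name}={user}:pbkdf2${salt.hex()}${digest.hex()}".encode() + b"\x00"


def verify_password(record: bytes, password: str) -> bool:
    """Check a password against a hashed record with a constant-time compare."""
    m = CRED_RE.fullmatch(record)
    if m is None:
        return False
    parts = m[3].decode().split("$")
    if len(parts) != 3 or parts[0] != "pbkdf2":
        return False  # not a hashed record (a cleartext one never verifies)
    _, salt_hex, digest_hex = parts
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def is_cleartext(secret_field: str) -> bool:
    """A scan hit is only a finding if the secret field is not a hash record."""
    return not secret_field.startswith("pbkdf2$")


if __name__ == "__main__":
    for name, user, secret in find_credential_records(FIRMWARE_BLOB):
        state = "CLEARTEXT " + secret if is_cleartext(secret) else "hashed"
        print(f"{name}: {user} -> {state}")
    record = make_hashed_record("USER1", "admin", "Passw0rd!")
    print("hashed record:", record)
    print("verify right password:", verify_password(record, "Passw0rd!"))
    print("verify wrong password:", verify_password(record, "guest123"))
```

The same scan over the hardened record still finds the account name, but the secret field is a salt and a hash: a per-device random password with this storage format leaves nothing reusable in the image.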

4. Clickjacking (CVE-2024-33377)

  • Description: The administrator login page can be embedded in a frame by a third-party site; nothing in the response prevents framing. An attacker can place the page in an invisible iframe beneath decoy content and trick an administrator into clicking on it.
  • Impact: Exploitation could lead to unauthorized operations performed with the administrator's own clicks, or redirection to malicious sites.
  • Mitigation: Update to the latest available firmware.
  • Proof of Concept: The admin login page can be loaded inside a transparent iframe from an attacker-controlled page by any unauthenticated user.
[Screenshot: Clickjacking]

5. Outdated JavaScript Library

  • Description: The web interface ships an outdated Axios library (v0.21.0) with known vulnerabilities: inefficient regular expression complexity (CVE-2021-3749) and server-side request forgery (CVE-2020-28168).
  • Impact: The ReDoS can hang the page's JavaScript if attacker-controlled input reaches the affected trim routine. CVE-2020-28168 concerns redirect handling through a proxy in Node.js deployments, so its reach from a bundle loaded in the browser is limited; the finding is chiefly a component-hygiene issue, and its real exposure depends on how the interface uses the library.
  • Mitigation: Update to the latest available firmware.
  • Proof of Concept: The presence of axios.min.js v0.21.0 was confirmed.
[Screenshot: Outdated JavaScript Library - axios.min.js]

6. HTTP-Only Flag not set on Cookies

  • Description: The “sysauth” session cookie is set without the HttpOnly flag, so it is readable from client-side script through document.cookie.
  • Impact: Any script injection on the interface (for example through an XSS flaw) could read the session cookie and send it to the attacker, allowing session hijacking. HttpOnly prevents scripts from reading the cookie; it does not stop a script from issuing requests that carry it, so it limits exfiltration rather than all abuse.
  • Mitigation: Update to the latest available firmware.
  • POC: The HttpOnly flag is not set on the authentication cookie returned after an administrator logs in:
[Screenshot: HTTP-Only flag not set on "sysauth" Cookie]
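The check below is an added example (not from the advisory) that audits a raw HTTP response for both the clickjacking finding above and the cookie finding here: it flags a page served without an X-Frame-Options header or a CSP frame-ancestors directive, and a Set-Cookie header that lacks HttpOnly, Secure or SameSite. The two responses are constructed for the example and the cookie value is made up; Secure and SameSite go beyond the advisory's HttpOnly finding.

```python
import re
from typing import List, Tuple

# Constructed responses, not captures from the device. The cookie value is
# made up; "sysauth" is the cookie name the advisory identifies.
VULNERABLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sysauth=0123456789abcdef; path=/\r\n"
    "\r\n"
    "<html><!-- admin login form --></html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Security-Policy: frame-ancestors 'none'\r\n"
    "Set-Cookie: sysauth=0123456789abcdef; path=/; HttpOnly; Secure; SameSite=Strict\r\n"
    "\r\n"
    "<html><!-- admin login form --></html>"
)

REQUIRED_COOKIE_ATTRS = ("httponly", "secure", "samesite")


def parse_headers(raw_response: str) -> List[Tuple[str, str]]:
    """Split a raw HTTP response into (lower-cased name, value) pairs."""
    head, _, _body = raw_response.partition("\r\n\r\n")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def frame_protected(headers: List[Tuple[str, str]]) -> bool:
    """True if X-Frame-Options or a CSP frame-ancestors directive stops
    arbitrary origins from framing the page."""
    for name, value in headers:
        if name == "x-frame-options" and value.upper() in ("DENY", "SAMEORIGIN"):
            return True
        if name == "content-security-policy":
            m = re.search(r"frame-ancestors\s+([^;]+)", value, re.IGNORECASE)
            # 'none' or an explicit origin list restricts framing; a bare * does not
            if m and "*" not in m.group(1).split():
                return True
    return False


def cookie_findings(set_cookie_value: str) -> List[str]:
    """Report security attributes missing from one Set-Cookie header."""
    cookie_name = set_cookie_value.split("=", 1)[0].strip()
    attrs = {part.strip().split("=", 1)[0].lower()
             for part in set_cookie_value.split(";")[1:]}
    return [f"cookie {cookie_name}: missing {attr}"
            for attr in REQUIRED_COOKIE_ATTRS if attr not in attrs]


def audit(raw_response: str) -> List[str]:
    """Return the findings for a response; an empty list means it passed."""
    headers = parse_headers(raw_response)
    findings = []
    if not frame_protected(headers):
        findings.append("clickjacking: page can be framed (no X-Frame-Options, no CSP frame-ancestors)")
    for name, value in headers:
        if name == "set-cookie":
            findings.extend(cookie_findings(value))
    return findings


if __name__ == "__main__":
    for label, response in (("vulnerable", VULNERABLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(response) or ["no findings"])
```

One caveat on the Secure attribute: on an admin interface served over plain HTTP the browser will not send a Secure cookie at all, so that attribute only applies once the interface is on HTTPS. HttpOnly and the anti-framing headers cost nothing and apply either way.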

Conclusion

The vulnerabilities identified in the LB-Link BL-W1210M router present serious risks ranging from credential theft to full system compromise. Users should upgrade to the latest firmware as soon as possible to mitigate these threats.

At Redfox Security, we specialize in uncovering and mitigating such risks. If your organization wants to strengthen its security posture, our team of experienced consultants can help assess vulnerabilities and provide tailored remediation strategies.

Take action today and protect your infrastructure and data by engaging our experts. Also explore our comprehensive security training courses and build in-house expertise.