Critical Vulnerability in LB-LINK Wireless Routers

Advisory Date

Overview

The Jamaica Cyber Response Team is advising the general public about a critical vulnerability in LB-Link Wireless Routers, CVE-2023-26801, with a CVSS score of 9.8 which has been actively exploited in the wild.  An unauthorized attacker can exploit this command injection flaw by sending crafted requests to /goform/set_LimitClient_cfg and executing arbitrary instructions on remote devices. Researchers discovered that this vulnerability was being exploited to spread the Mirai botnet malware.
LB-LINK BL-AC1900_2.0 V1.0.1, LB-LINK BL-WR9000 V2.4.9, LB-LINK BL-X26 V1.2.5, and LB-LINK BL-LTE300 V1.0.8 are among the firmware versions impacted.  

Recommendations/ Mitigations:

For recommendations to reduce the risk against this vulnerability, The Jamaica Cyber Incident Response Team advises that users/managers or administrators  read the cybersecurity advisory which provides the necessary steps of mitigation which includes the following: 

  • Monitor the vendor’s website for updates to firmware.
  • Promptly download and install the firmware updates for the affected versions if available.
  • Implement strong authentication measures such as multi factor authentication to prevent unauthorized access.
  • Make sure the LB-LINK Router is not directly accessible from the Internet.
  • In addition, performing regular security updates and network monitoring can help identify potential exploitation attempts or unauthorized access to LB-LINK routers.

Other references:

We also recommend looking at the following link for more information:
https://unit42.paloaltonetworks.com/mirai-variant-iz1h9/