
CVE-2025-7565: Information Disclosure in LB-LINK BL-AC3600

Severity: Medium
Published: Mon Jul 14 2025 (07/14/2025, 02:44:05 UTC)
Source: CVE Database V5
Vendor/Project: LB-LINK
Product: BL-AC3600

Description

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 07/14/2025, 03:46:44 UTC

Technical Analysis

CVE-2025-7565 is a vulnerability identified in the LB-LINK BL-AC3600 wireless router series, specifically affecting firmware versions up to 1.0.22. The flaw resides in the Web Management Interface component, within the geteasycfg function of the /cgi-bin/lighttpd.cgi file. This vulnerability allows an unauthenticated remote attacker to manipulate the 'Password' argument in HTTP requests to the device's web interface, resulting in information disclosure. The disclosed information could include sensitive configuration data or credentials stored or accessible through this interface. The vulnerability is remotely exploitable without requiring authentication or user interaction, which significantly increases the attack surface. The CVSS 4.0 base score is 6.9, categorized as medium severity, reflecting the ease of exploitation (network vector, low attack complexity, no privileges or user interaction required) but limited impact scope (confidentiality impact is low, no integrity or availability impact). The vendor LB-LINK was notified but has not responded or released a patch, and public exploit code is available, increasing the risk of exploitation. This vulnerability highlights a critical weakness in the router's web management interface, potentially exposing sensitive device information to attackers who can leverage it for further attacks or network intrusion.

Potential Impact

For European organizations, the exploitation of CVE-2025-7565 could lead to unauthorized disclosure of sensitive router configuration data, including network credentials or administrative settings. This exposure can facilitate lateral movement within corporate networks, enable attackers to bypass security controls, or launch further attacks such as man-in-the-middle or persistent backdoors. Organizations relying on LB-LINK BL-AC3600 devices for critical network infrastructure may face increased risk of data breaches or network compromise. Given the lack of vendor response and patches, the threat remains persistent. The impact is particularly significant for small and medium enterprises (SMEs) and public sector entities that may use these cost-effective routers without advanced security monitoring. Additionally, the vulnerability could be exploited by cybercriminals or nation-state actors targeting European networks for espionage or disruption, especially if these devices are deployed in sensitive environments.

Mitigation Recommendations

1. Immediate network segmentation: Isolate LB-LINK BL-AC3600 devices from critical network segments to limit exposure.
2. Disable remote management: If remote web management is enabled, disable it or restrict access to trusted IP addresses only.
3. Monitor network traffic: Implement IDS/IPS rules to detect suspicious HTTP requests targeting /cgi-bin/lighttpd.cgi with anomalous 'Password' parameters.
4. Replace vulnerable devices: Where feasible, replace affected routers with models from vendors with active security support and patch management.
5. Apply compensating controls: Use VPNs or secure tunnels for management access to reduce direct exposure.
6. Regularly audit device configurations and logs for signs of compromise.
7. Engage with LB-LINK support channels persistently to seek firmware updates or official patches.
8. Educate IT staff about this vulnerability and ensure incident response plans include scenarios involving router compromise.
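
The monitoring and access-restriction recommendations above can be combined into one log check. The following is an added example, not code from the advisory or the vendor: it scans HTTP logs from a proxy or firewall in front of the router and flags any request to /cgi-bin/lighttpd.cgi whose source is outside a management allowlist. The Common Log Format input, the 10.0.50.0/28 allowlist and the sample lines are assumptions; because the advisory does not describe how the Password argument appears in a request, the check keys on path and source only.

```python
import ipaddress
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

CGI_PATH = "/cgi-bin/lighttpd.cgi"  # path named in the advisory
# Assumption: the only subnet allowed to reach the router's web management UI.
MGMT_ALLOWLIST = [ipaddress.ip_network("10.0.50.0/28")]

# Common Log Format: client ident user [time] "METHOD target PROTO" status ...
CLF = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable client field is treated as untrusted
    return any(addr in net for net in MGMT_ALLOWLIST)

def normalize(target):
    # Drop the query string, decode %XX, collapse '//' and '.' segments so
    # re-encoded spellings of the same path still match.
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/{2,}", "/", path))

def find_untrusted_cgi_hits(lines):
    """Return (src, time, method, status) for CGI requests from outside the allowlist."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if m and normalize(m["target"]) == CGI_PATH and not is_trusted(m["src"]):
            hits.append((m["src"], m["ts"], m["method"], int(m["status"])))
    return hits

def summarize(hits):
    return dict(Counter(src for src, *_ in hits))

# Constructed sample log lines (documentation and private address ranges).
SAMPLE_LOG = [
    '10.0.50.5 - - [14/Jul/2025:08:01:12 +0000] "GET /cgi-bin/lighttpd.cgi HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Jul/2025:08:03:40 +0000] "POST /cgi-bin/lighttpd.cgi HTTP/1.1" 200 1830',
    '203.0.113.7 - - [14/Jul/2025:08:03:41 +0000] "POST /cgi-bin//lighttpd%2Ecgi HTTP/1.1" 200 1830',
    '198.51.100.23 - - [14/Jul/2025:08:10:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '192.168.1.44 - - [14/Jul/2025:08:12:19 +0000] "POST /cgi-bin/lighttpd.cgi HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for src, count in summarize(find_untrusted_cgi_hits(SAMPLE_LOG)).items():
        print(f"ALERT {src}: {count} request(s) to {CGI_PATH} from outside management subnet")
```

A 200 response to a flagged source deserves more attention than a 401 or 403, since it indicates the interface answered a host that should not have been able to reach it.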


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-12T21:12:00.698Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68747a01a83201eaacc15729

Added to database: 7/14/2025, 3:31:13 AM

Last enriched: 7/14/2025, 3:46:44 AM

Last updated: 7/15/2025, 8:32:35 PM
