CVE-2025-10773

8.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in the B-Link BL-AC2100 router's web management interface allows remote attackers to execute arbitrary code. This affects all versions up to 1.0.3. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:
  • B-Link BL-AC2100
Versions: Up to and including version 1.0.3
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with web management interface enabled are vulnerable. The vulnerable function is part of the share path configuration feature.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, lateral network movement, and persistent backdoor installation.

🟠 Likely Case: Router takeover allowing traffic interception, DNS manipulation, credential theft, and denial of service.

🟢 If Mitigated: Limited impact if the device is behind a firewall with restricted web interface access and network segmentation.

🌐 Internet-Facing: HIGH - The web interface is typically internet-accessible on routers, and exploit requires no authentication.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit if they have network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available on GitHub. The vulnerability requires no authentication and exploitation is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Consider replacing affected devices or implementing workarounds.

🔧 Temporary Workarounds

Disable Web Management Interface (platform: all)

Disable the router's web management interface to prevent remote exploitation:

  • Access the router CLI via SSH/Telnet
  • Navigate to the web interface settings
  • Disable web management or restrict it to the local network only

Network Access Control (platform: linux)

Restrict access to the router management interface using firewall rules. Replace TRUSTED_IP with the address of your management host; the rules below cover port 80, so repeat them for any other management ports in use (443, 8080):

iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Segment network to isolate router from critical systems
  • Implement strict firewall rules blocking all external access to router management ports (80, 443, 8080)

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface at http://router-ip/status.asp or via SSH using 'cat /proc/version'

Check Version:

curl -s http://router-ip/status.asp | grep -i version

Verify Fix Applied:

No official fix available. Verify workarounds by testing that web interface is inaccessible from untrusted networks.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/set_delshrpath_cfg
  • Multiple failed buffer overflow attempts in web server logs
  • Unexpected process crashes or restarts

Network Indicators:

  • Unusual traffic patterns to router management ports from external IPs
  • POST requests with overly long Type parameter values

SIEM Query:

source="router_logs" AND (url="/goform/set_delshrpath_cfg" OR message="buffer overflow")
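An added detection example (not from the advisory or the vendor) that applies the log and network indicators above to web-server access log lines: it flags POST requests to /goform/set_delshrpath_cfg, raises severity when the Type parameter is overly long or the request ends in a 5xx, and tallies hits per source IP. The sample log lines are constructed, the Type parameter is assumed to be visible in the logged request target, and the 64-byte length threshold is an assumed tuning value, not a figure from the advisory.

```python
import re
from urllib.parse import parse_qs, urlsplit

VULN_PATH = "/goform/set_delshrpath_cfg"   # endpoint named in the advisory
MAX_TYPE_LEN = 64                           # assumed threshold; tune per environment

# Constructed sample access log (Combined Log Format style), not real router output.
LONG_TYPE = "A" * 200
SAMPLE_LOG = (
    '192.168.1.20 - - [10/Oct/2025:10:00:01 +0000] '
    '"POST /goform/set_delshrpath_cfg?Type=share1 HTTP/1.1" 200 12\n'
    f'203.0.113.7 - - [10/Oct/2025:10:00:05 +0000] '
    f'"POST /goform/set_delshrpath_cfg?Type={LONG_TYPE} HTTP/1.1" 500 0\n'
    '192.168.1.20 - - [10/Oct/2025:10:00:09 +0000] "GET /status.asp HTTP/1.1" 200 512\n'
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def scan_log(text, max_type_len=MAX_TYPE_LEN):
    """Return one alert dict per request that matches the advisory's indicators."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines that do not parse
        parts = urlsplit(m["target"])
        if parts.path != VULN_PATH or m["method"] != "POST":
            continue                      # only POSTs to the vulnerable endpoint matter
        params = parse_qs(parts.query, keep_blank_values=True)
        type_len = max((len(v) for v in params.get("Type", [])), default=0)
        reasons = ["post_to_vulnerable_endpoint"]
        if type_len > max_type_len:
            reasons.append(f"type_param_len={type_len}")
        if m["status"].startswith("5"):
            reasons.append("server_error_after_request")   # possible crash
        severity = "high" if len(reasons) > 1 else "notice"
        alerts.append({"ip": m["ip"], "ts": m["ts"], "severity": severity, "reasons": reasons})
    return alerts

def hits_per_ip(alerts, min_severity="notice"):
    """Count alerts per source IP, optionally restricted to high-severity ones."""
    counts = {}
    for a in alerts:
        if min_severity == "high" and a["severity"] != "high":
            continue
        counts[a["ip"]] = counts.get(a["ip"], 0) + 1
    return counts

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```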
