CVE-2026-4226 - Vulnerability Details

- LB-LINK BL-WR9000 get_virtual_cfg sub_44E8D0 stack-based overflow

Description

A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-03-16

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability is a stack-based buffer overflow in the BL-WR9000’s /goform/get_virtual_cfg endpoint, located in the sub_44E8D0 function. An attacker can exploit the overflow by sending crafted input, potentially leading to arbitrary code execution on the device. The weakness is characterized by the CWE identifiers for buffer overflow and memory corruption, indicating a serious integrity compromise of the device’s firmware. The impact is that an unauthenticated remote attacker can gain control of the router, potentially enabling further network attacks or a pivot to internal assets.

Affected Systems

The affected product is the LB-LINK BL-WR9000 router running firmware version 2.4.9. No other versions are listed, so the scope is limited to this particular firmware build. Administrators should verify whether their deployed units match this version or a vulnerable variant.

Risk and Exploitability

The CVSS score of 8.7 classifies this issue as high severity, and the EPSS score of less than 1% suggests low current exploitation activity. The vulnerability is not yet catalogued in CISA’s KEV list. The attack vector is remote, as the description states, and can be carried out by sending malicious requests to the vulnerable endpoint. Successful exploitation would allow attackers to inject code, modify firmware, or otherwise compromise device integrity.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

LB-LINK

BL-WR9000

affected

Version	Status	Constraints
`2.4.9`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:lb-link:bl-wr9000_firmware:2.4.9:*:*:*:*:*:*:*

cpe:2.3:h:lb-link:bl-wr9000:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Lb-link

Bl-wr9000

100%

Version	Status	Scheme	Platform
`2.4.9`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Obtain and install the latest LB-LINK BL-WR9000 firmware that addresses the buffer overflow.
If an update is unavailable, restrict network access to the device’s management interface, especially the /goform/get_virtual_cfg endpoint, using firewall rules or gateway filtering.
Monitor device logs for repeated attempts to access get_virtual_cfg and for signs of anomalous traffic.
Validate the firmware update by confirming the endpoint no longer processes identical malicious requests.

Generated by OpenCVE AI on March 20, 2026 at 19:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00119.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_VirtualRules%20stack%20overflow_EN.md
https://vuldb.com/?ctiid.351149
https://vuldb.com/?id.351149
https://vuldb.com/?submit.771207

History

Fri, 20 Mar 2026 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lb-link bl-wr9000 Firmware
Weaknesses		CWE-787
CPEs		cpe:2.3:h:lb-link:bl-wr9000:-:::::::* cpe:2.3:o:lb-link:bl-wr9000_firmware:2.4.9:::::::*
Vendors & Products		Lb-link bl-wr9000 Firmware

Tue, 17 Mar 2026 10:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lb-link Lb-link bl-wr9000
Vendors & Products		Lb-link Lb-link bl-wr9000

Mon, 16 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 16 Mar 2026 08:00:00 +0000

Type	Values Removed	Values Added
Description		A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title		LB-LINK BL-WR9000 get_virtual_cfg sub_44E8D0 stack-based overflow
Weaknesses		CWE-119 CWE-121
References		https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_VirtualRules%20stack%20overflow_EN.md https://vuldb.com/?ctiid.351149 https://vuldb.com/?id.351149 https://vuldb.com/?submit.771207
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Lb-link Bl-wr9000 Bl-wr9000 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-16T07:32:10.845Z

Updated: 2026-03-16T17:06:42.899Z

Reserved: 2026-03-15T18:41:08.804Z

Link: CVE-2026-4226

Vulnrichment

Updated: 2026-03-16T17:06:36.652Z

NVD

Status : Analyzed

Published: 2026-03-16T14:20:15.527

Modified: 2026-03-20T18:21:05.403

Link: CVE-2026-4226

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:45:25Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object