CVE-2025-10773

HighPublic PoC

Published: 22 September 2025

Published

22 September 2025

Modified

30 September 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0040 60.7th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-10773 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Lb-Link Bl-Ac2100 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 39.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly mitigates the stack-based buffer overflow by enforcing validation of the 'Type' argument in the delshrpath function to prevent improper memory operations.

SI-16 Memory Protection good match

prevent

Implements memory protection mechanisms like stack canaries, ASLR, and DEP to block exploitation of the stack buffer overflow in the Web Management Interface.

SI-2 Flaw Remediation good match

preventrecover

Requires timely remediation of the identified buffer overflow flaw through patching or workarounds for affected B-Link BL-AC2100 firmware up to 1.0.3.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Unauthenticated stack-based buffer overflow in the router's web management interface (/goform/set_delshrpath_cfg) enables remote exploitation of a public-facing application (T1190) and application/system exploitation for denial of service (T1499.004), potentially paralyzing the device and network.

NVD Description

A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Affected by this issue is the function delshrpath of the file /goform/set_delshrpath_cfg of the component Web Management Interface. The manipulation of the argument Type results in stack-based buffer…

overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-10773 is a stack-based buffer overflow vulnerability affecting the delshrpath function in the /goform/set_delshrpath_cfg file of the Web Management Interface component in B-Link BL-AC2100 routers up to version 1.0.3. The issue arises from manipulation of the Type argument, as documented in the CVE description published on 2025-09-22.

The vulnerability can be exploited remotely by authenticated users with low privileges (PR:L), requiring low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), yielding a CVSS v3.1 base score of 8.8. It maps to CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write).

VulDB advisories note that the vendor was contacted early regarding disclosure but provided no response, and no patches are referenced. A public exploit is available in a GitHub repository at https://github.com/maximdevere/CVE2/blob/main/README.md, increasing the risk of active exploitation. Security practitioners should isolate affected devices and monitor for anomalous Web Management Interface activity until firmware updates are available.

Details

CWE(s): CWE-119 CWE-121 CWE-787

Affected Products

lb-link

bl-ac2100 firmware

≤ 1.0.3

CVEs Like This One

CVE-2026-4226Same vendor: Lb-Link

CVE-2025-2369Shared CWE-119, CWE-121

CVE-2025-1340Shared CWE-119, CWE-121

CVE-2025-14136Shared CWE-119, CWE-121

CVE-2026-4227Same vendor: Lb-Link

CVE-2025-1610Same vendor: Lb-Link

CVE-2026-4228Same vendor: Lb-Link

CVE-2025-1608Same vendor: Lb-Link

CVE-2025-1609Same vendor: Lb-Link

CVE-2025-9580Same vendor: Lb-Link

References

https://github.com/maximdevere/CVE2/blob/main/README.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.325129
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.325129
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.649901
Third Party Advisory, VDB Entry · cna@vuldb.com
https://github.com/maximdevere/CVE2/blob/main/README.md
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0