{"id":76815,"date":"2025-09-26T14:27:18","date_gmt":"2025-09-26T14:27:18","guid":{"rendered":""},"modified":"2025-11-03T21:09:28","modified_gmt":"2025-11-04T03:09:28","slug":"cve-2025-10773-stack-based-buffer-overflow-vulnerability-in-b-link-bl-ac2100","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-10773-stack-based-buffer-overflow-vulnerability-in-b-link-bl-ac2100\/","title":{"rendered":"<strong>CVE-2025-10773: Stack-Based Buffer Overflow Vulnerability in B-Link BL-AC2100<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>A critical security vulnerability, CVE-2025-10773, has been discovered in B-Link BL-AC2100 up to 1.0.3. This vulnerability primarily affects the Web Management Interface component of the system. It is particularly concerning because the attack can be <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-28988-java-deserialization-remote-code-execution-vulnerability-in-solarwinds-web-help-desk\/\"  data-wpil-monitor-id=\"85277\">executed remotely<\/a>, and the exploit has been made public, increasing the chances of malicious attempts.<br \/>\nThe flaw lies in the function delshrpath of the file \/goform\/set_delshrpath_cfg. The manipulation of the argument Type results in a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-9299-remote-stack-based-buffer-overflow-vulnerability-in-tenda-m3-1-0-0-12\/\"  data-wpil-monitor-id=\"84148\">stack-based buffer overflow<\/a>, which can potentially lead to a system compromise or data leakage. The vendor, unfortunately, has not responded to the disclosure, increasing the risk factor for users of the affected product.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-10773<br \/>\nSeverity: High (CVSS: 8.8)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-9791-critical-vulnerability-in-tenda-ac20-16-03-08-05-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"84971\">Potential system<\/a> compromise and data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-2183668288\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>B-Link BL-AC2100 | up to 1.0.3<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit takes advantage of a stack-based buffer overflow <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-6791-sql-injection-vulnerability-in-centreon-web-monitoring-event-logs-module\/\"  data-wpil-monitor-id=\"84147\">vulnerability in the Web<\/a> Management Interface of the B-Link BL-AC2100. Specifically, the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-55454-authenticated-arbitrary-file-upload-vulnerability-in-dootask-v1-0-51\/\"  data-wpil-monitor-id=\"84446\">vulnerability lies in the &#8220;delshrpath&#8221; function of the &#8220;\/goform\/set_delshrpath_cfg&#8221; file<\/a>.<br \/>\nAn attacker can manipulate the &#8220;Type&#8221; argument to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-9251-high-risk-buffer-overflow-vulnerability-in-linksys-wi-fi-extenders\/\"  data-wpil-monitor-id=\"84154\">overflow the buffer<\/a>. This overflow can lead to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-57771-arbitrary-command-execution-vulnerability-in-roo-code-ai\/\"  data-wpil-monitor-id=\"84833\">arbitrary code execution<\/a>, potentially granting the attacker full control over the system. The attacker can perform this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-48817-exploiting-relative-path-traversal-in-remote-desktop-clients\/\"  data-wpil-monitor-id=\"92339\">exploit from a remote<\/a> location, making it a severe and widespread threat.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-3911140614\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>The following is a conceptual example of how this vulnerability might be exploited. Please note that this is pseudocode and should not be used for malicious purposes.<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/goform\/set_delshrpath_cfg HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/json\n{\n&quot;Type&quot;: &quot;A&quot;*1000\n}<\/code><\/pre>\n<p>In the above example, the &#8220;Type&#8221; argument is filled with a large number of &#8220;A&#8221; characters, far exceeding the buffer&#8217;s capacity, causing it to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-9253-stack-based-buffer-overflow-on-linksys-wi-fi-range-extenders-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"84163\">overflow and potentially executing arbitrary code on the system<\/a>.<\/p>\n<p><strong>Mitigation and Prevention<\/strong><\/p>\n<p>As of now, the vendor has yet to respond with a patch. However, as a temporary measure, users can apply Web Application Firewall (WAF) or Intrusion Detection System (IDS) to mitigate potential attacks. It is also advisable to regularly monitor and update all <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-27215-unauthorized-system-modification-vulnerability-in-unifi-display-cast-devices\/\"  data-wpil-monitor-id=\"84873\">systems to prevent potential vulnerabilities<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview A critical security vulnerability, CVE-2025-10773, has been discovered in B-Link BL-AC2100 up to 1.0.3. This vulnerability primarily affects the Web Management Interface component of the system. It is particularly concerning because the attack can be executed remotely, and the exploit has been made public, increasing the chances of malicious attempts. The flaw lies in [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[86,80],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-76815","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-buffer-overflow","attack_vector-rce"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/76815","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=76815"}],"version-history":[{"count":10,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/76815\/revisions"}],"predecessor-version":[{"id":85562,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/76815\/revisions\/85562"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=76815"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=76815"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=76815"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=76815"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=76815"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=76815"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=76815"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=76815"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=76815"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}