Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bs_SetSSIDHide function.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
10 Jul 2025, 12:15
Type | Values Removed | Values Added |
---|---|---|
First Time |
B-link blac450m Ae4 Firmware
B-link B-link bl-lte300 Firmware B-link bl-x10 Ac8 Firmware B-link bl-ac2100 Az3 Firmware B-link bl-x26 Da3 B-link bl-wr9000 Firmware B-link blac450m Ae4 B-link bl-x26 Ac8 Firmware B-link bl-f1200 At1 Firmware B-link bl-x26 Da3 Firmware B-link bl-ac2100 Az3 B-link bl-wr9000 B-link bl-lte300 B-link bl-x10 Ac8 B-link bl-x26 Ac8 B-link bl-f1200 At1 |
|
CPE | cpe:2.3:h:b-link:bl-x26_ac8:-:*:*:*:*:*:*:* cpe:2.3:h:b-link:bl-f1200_at1:-:*:*:*:*:*:*:* cpe:2.3:h:b-link:bl-x26_da3:-:*:*:*:*:*:*:* cpe:2.3:o:b-link:bl-ac2100_az3_firmware:1.0.4:*:*:*:*:*:*:* cpe:2.3:h:b-link:bl-x10_ac8:-:*:*:*:*:*:*:* cpe:2.3:h:b-link:bl-ac2100_az3:-:*:*:*:*:*:*:* cpe:2.3:o:b-link:bl-x10_ac8_firmware:1.0.5:*:*:*:*:*:*:* cpe:2.3:o:b-link:bl-lte300_firmware:1.2.3:*:*:*:*:*:*:* cpe:2.3:o:b-link:blac450m_ae4_firmware:4.0.0:*:*:*:*:*:*:* cpe:2.3:o:b-link:bl-x26_ac8_firmware:1.2.8:*:*:*:*:*:*:* cpe:2.3:o:b-link:bl-x26_da3_firmware:1.2.7:*:*:*:*:*:*:* cpe:2.3:h:b-link:blac450m_ae4:-:*:*:*:*:*:*:* cpe:2.3:h:b-link:bl-lte300:-:*:*:*:*:*:*:* cpe:2.3:h:b-link:bl-wr9000:-:*:*:*:*:*:*:* cpe:2.3:o:b-link:bl-f1200_at1_firmware:1.0.0:*:*:*:*:*:*:* cpe:2.3:o:b-link:bl-wr9000_firmware:2.4.9:*:*:*:*:*:*:* |
|
References | () https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_enable%20Unauthorized%20command%20injection/LB-LINK_enable%20command%20injection.md - Exploit |
13 Jun 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CWE | CWE-77 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
13 Jun 2025, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-13 12:15
Updated : 2025-07-10 12:15
NVD link : CVE-2025-45985
Mitre link : CVE-2025-45985
CVE.ORG link : CVE-2025-45985
JSON object : View
Products Affected
b-link
- blac450m_ae4
- bl-x10_ac8_firmware
- bl-ac2100_az3
- blac450m_ae4_firmware
- bl-f1200_at1
- bl-ac2100_az3_firmware
- bl-wr9000
- bl-lte300_firmware
- bl-x26_ac8_firmware
- bl-x26_da3_firmware
- bl-x26_da3
- bl-f1200_at1_firmware
- bl-x26_ac8
- bl-x10_ac8
- bl-wr9000_firmware
- bl-lte300
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')