Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the dns1 and dns2 parameters in the bs_SetDNSInfo function.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
10 Jul 2025, 12:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_dns1%20Unauthorized%20command%20injection/The%20LB-LINK_dns1%20command%20is%20used%20to%20inject%20the%20information.md - Exploit | |
CPE | cpe:2.3:h:b-link:bl-x26_ac8:-:*:*:*:*:*:*:* cpe:2.3:o:b-link:bl-x26_ac8_firmware:1.2.8:*:*:*:*:*:*:* cpe:2.3:o:b-link:bl-x26_da3_firmware:1.2.7:*:*:*:*:*:*:* cpe:2.3:h:b-link:bl-f1200_at1:-:*:*:*:*:*:*:* cpe:2.3:h:b-link:blac450m_ae4:-:*:*:*:*:*:*:* cpe:2.3:o:b-link:bl-ac2100_az3_firmware:1.0.4:*:*:*:*:*:*:* cpe:2.3:h:b-link:bl-lte300:-:*:*:*:*:*:*:* cpe:2.3:h:b-link:bl-x26_da3:-:*:*:*:*:*:*:* cpe:2.3:h:b-link:bl-ac2100_az3:-:*:*:*:*:*:*:* cpe:2.3:o:b-link:bl-lte300_firmware:1.2.3:*:*:*:*:*:*:* cpe:2.3:o:b-link:blac450m_ae4_firmware:4.0.0:*:*:*:*:*:*:* cpe:2.3:h:b-link:bl-wr9000:-:*:*:*:*:*:*:* cpe:2.3:o:b-link:bl-f1200_at1_firmware:1.0.0:*:*:*:*:*:*:* cpe:2.3:o:b-link:bl-wr9000_firmware:2.4.9:*:*:*:*:*:*:* |
|
First Time |
B-link blac450m Ae4 Firmware
B-link bl-f1200 At1 Firmware B-link B-link bl-lte300 Firmware B-link bl-x26 Da3 Firmware B-link bl-ac2100 Az3 B-link bl-wr9000 B-link bl-ac2100 Az3 Firmware B-link bl-lte300 B-link bl-x26 Da3 B-link bl-x26 Ac8 B-link bl-wr9000 Firmware B-link bl-f1200 At1 B-link blac450m Ae4 B-link bl-x26 Ac8 Firmware |
13 Jun 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CWE | CWE-77 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
13 Jun 2025, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-13 12:15
Updated : 2025-07-10 12:16
NVD link : CVE-2025-45987
Mitre link : CVE-2025-45987
CVE.ORG link : CVE-2025-45987
JSON object : View
Products Affected
b-link
- blac450m_ae4
- bl-ac2100_az3
- blac450m_ae4_firmware
- bl-f1200_at1
- bl-ac2100_az3_firmware
- bl-wr9000
- bl-lte300_firmware
- bl-x26_ac8_firmware
- bl-x26_da3_firmware
- bl-x26_da3
- bl-f1200_at1_firmware
- bl-x26_ac8
- bl-wr9000_firmware
- bl-lte300
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')