fkie_cve-2025-45988
Vulnerability from fkie_nvd
Published
2025-06-13 12:15
Modified
2025-07-10 12:16
Severity ?
Summary
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cmd parameter in the bs_SetCmd function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| b-link | bl-wr9000_firmware | 2.4.9 | |
| b-link | bl-wr9000 | - | |
| b-link | bl-ac1900_firmware | 1.0.2 | |
| b-link | bl-ac1900 | - | |
| b-link | bl-ac2100_az3_firmware | 1.0.4 | |
| b-link | bl-ac2100_az3 | - | |
| b-link | bl-x10_ac8_firmware | 1.0.5 | |
| b-link | bl-x10_ac8 | - | |
| b-link | bl-lte300_firmware | 1.2.3 | |
| b-link | bl-lte300 | - | |
| b-link | bl-f1200_at1_firmware | 1.0.0 | |
| b-link | bl-f1200_at1 | - | |
| b-link | bl-x26_ac8_firmware | 1.2.8 | |
| b-link | bl-x26_ac8 | - | |
| b-link | blac450m_ae4_firmware | 4.0.0 | |
| b-link | blac450m_ae4 | - | |
| b-link | bl-x26_da3_firmware | 1.2.7 | |
| b-link | bl-x26_da3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:b-link:bl-wr9000_firmware:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1A3280-9C15-4961-8C69-9ECE34528FDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:b-link:bl-wr9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5ADB0D-6D03-448A-A0F3-7C238A20AF46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:b-link:bl-ac1900_firmware:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE554304-8F2B-40A1-98CB-DE641B4CCE61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:b-link:bl-ac1900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5CA5E8-C497-475E-B0CE-6F54B6E9BFA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:b-link:bl-ac2100_az3_firmware:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "05E31365-4655-4B8D-9B75-AE70292C12C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:b-link:bl-ac2100_az3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B134A86-F380-4BE4-9CEC-5CBAE046CF8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:b-link:bl-x10_ac8_firmware:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA6D548-72E1-435B-8EDB-50C1C258CE9C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:b-link:bl-x10_ac8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B153FF75-DDAF-4B43-8D54-C8211C607C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:b-link:bl-lte300_firmware:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8907D058-539D-44B8-BC30-EC137B4C6841",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:b-link:bl-lte300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD2D0EC-F71B-4CD6-8013-EDCDE49B6BC9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:b-link:bl-f1200_at1_firmware:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD8A5B3-0FF1-4512-9AEB-68A801956085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:b-link:bl-f1200_at1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9391FA6B-40EF-4A53-9B38-3F5EA0611970",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:b-link:bl-x26_ac8_firmware:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FCE90D05-D32B-4C52-917C-024FB4814751",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:b-link:bl-x26_ac8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A13AD09A-4BF0-49B9-AB05-439D34413C81",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:b-link:blac450m_ae4_firmware:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5422B990-7572-42A1-89C4-D8FEEEC066ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:b-link:blac450m_ae4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A469F008-B95F-480C-A677-43E6D448FEEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:b-link:bl-x26_da3_firmware:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D3D8F5C4-F1A2-4E88-A795-DEAC4E77B3C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:b-link:bl-x26_da3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F576A-7D13-4311-9FDD-9BFB4E5705D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cmd parameter in the bs_SetCmd function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que los enrutadores Blink BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 y BL-X26_DA3 v1.2.7 conten\u00edan m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro cmd en la funci\u00f3n bs_SetCmd."
}
],
"id": "CVE-2025-45988",
"lastModified": "2025-07-10T12:16:15.107",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-06-13T12:15:34.403",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_cmd%20Indicates%20the%20unauthorized%20command%20injection/The%20LB-LINK_cmd%20command%20is%20used%20to%20inject%20information.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…