CVE-2025-45986
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
13/06/2025
Last modified:
23/07/2025
Description
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 werediscovered to contain a command injection vulnerability via the mac parameter in the bs_SetMacBlack function.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:b-link:bl-x10_ac8_firmware:1.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:h:b-link:bl-x10_ac8:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:b-link:bl-lte300_firmware:1.2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:b-link:bl-lte300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:b-link:bl-wr9000_firmware:2.4.9:*:*:*:*:*:*:* | ||
| cpe:2.3:h:b-link:bl-wr9000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:b-link:bl-ac2100_az3_firmware:1.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:h:b-link:bl-ac2100_az3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:b-link:blac450m_ae4_firmware:4.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:b-link:blac450m_ae4:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:b-link:bl-x26_da3_firmware:1.2.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:b-link:bl-x26_da3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:b-link:bl-f1200_at1_firmware:1.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:b-link:bl-f1200_at1:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:b-link:bl-x26_ac8_firmware:1.2.8:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page