Blink · BL-AC2100 AZ3 · CVE-2025-45988
**Name of the Vulnerable Software and Affected Versions**
Blink routers BL-WR9000 version 2.4.9
Blink routers BL-AC2100 AZ3 version 1.0.4
Blink routers BL-X10 AC8 version 1.0.5
Blink routers BL-LTE300 version 1.2.3
Blink routers BL-F1200 AT1 version 1.0.0
Blink routers BL-X26 AC8 version 1.2.8
Blink routers BLAC450M AE4 version 4.0.0
Blink routers BL-X26 DA3 version 1.2.7
**Description**
The firmware versions listed above contain multiple command injection vulnerabilities, which can be exploited via the `cmd` parameter in the `bs SetCmd` function.
**Recommendations**
For BL-WR9000 version 2.4.9, consider disabling the `bs SetCmd` function until a patch is available.
For BL-AC2100 AZ3 version 1.0.4, restrict access to the `cmd` parameter in the `bs SetCmd` function to minimize the risk of exploitation.
For BL-X10 AC8 version 1.0.5, avoid using the `cmd` parameter in the affected API endpoint until the issue is resolved.
For BL-LTE300 version 1.2.3, consider temporarily disabling the `bs SetCmd` function to prevent exploitation.
For BL-F1200 AT1 version 1.0.0, restrict the use of the `cmd` parameter in the `bs SetCmd` function.
For BL-X26 AC8 version 1.2.8, disable the `bs SetCmd` function as a temporary workaround.
For BLAC450M AE4 version 4.0.0, avoid using the `cmd` parameter in the `bs SetCmd` function.
For BL-X26 DA3 version 1.2.7, restrict access to the `bs SetCmd` function to minimize the risk of exploitation.