CVE-2025-29063

Name of the Vulnerable Software and Affected Versions BL-AC2100 versions 1.0.4 and earlier

Description The issue allows a remote attacker to execute arbitrary code via the enable parameter passed to "/goform/set hidessid cfg", which is not handled properly.

Recommendations For BL-AC2100 versions 1.0.4 and earlier, as a temporary workaround, consider restricting access to the "/goform/set hidessid cfg" endpoint until a patch is available. Avoid using the enable parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.