PT-2025-25404 · Blink · Bl-Ac2100 Az3+8

Published: 2025-06-13 · Updated: 2025-07-10 · CVE-2025-45984

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Blink routers BL-WR9000 version 2.4.9
Blink routers BL-AC1900 version 1.0.2
Blink routers BL-AC2100 AZ3 version 1.0.4
Blink routers BL-X10 AC8 version 1.0.5
Blink routers BL-LTE300 version 1.2.3
Blink routers BL-F1200 AT1 version 1.0.0
Blink routers BL-X26 AC8 version 1.2.8
Blink routers BLAC450M AE4 version 4.0.0
Blink routers BL-X26 DA3 version 1.2.7

Description

The issue is related to a command injection vulnerability. This vulnerability occurs via the routepwd parameter in the sub 45B238 function.

Recommendations

For BL-WR9000 version 2.4.9, consider disabling the sub 45B238 function until a patch is available.
For BL-AC1900 version 1.0.2, restrict access to the routepwd parameter in the affected function to minimize the risk of exploitation.
For BL-AC2100 AZ3 version 1.0.4, avoid using the routepwd parameter in the sub 45B238 function until the issue is resolved.
For BL-X10 AC8 version 1.0.5, temporarily disable the sub 45B238 function to prevent potential exploitation.
For BL-LTE300 version 1.2.3, restrict the use of the routepwd parameter to authorized personnel only.
For BL-F1200 AT1 version 1.0.0, consider applying configuration changes to limit the impact of the vulnerability.
For BL-X26 AC8 version 1.2.8, disable the sub 45B238 function as a temporary workaround.
For BLAC450M AE4 version 4.0.0, avoid using the affected function until a fix is available.
For BL-X26 DA3 version 1.2.7, restrict access to the vulnerable parameter to minimize the risk of exploitation.

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-45984

Affected Products

Bl-Ac1900
Bl-Ac2100 Az3
Bl-F1200 At1
Bl-Lte300
Bl-Wr9000
Bl-X10 Ac8
Bl-X26 Ac8
Bl-X26 Da3
Blac450M Ae4