PT-2025-25405 · Blink · Bl-Ac2100 Az3+7
Published
2025-04-12
·
Updated
2025-07-10
·
CVE-2025-45985
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Blink routers BL-WR9000 version 2.4.9
Blink routers BL-AC2100 AZ3 version 1.0.4
Blink routers BL-X10 AC8 version 1.0.5
Blink routers BL-LTE300 version 1.2.3
Blink routers BL-F1200 AT1 version 1.0.0
Blink routers BL-X26 AC8 version 1.2.8
Blink routers BLAC450M AE4 version 4.0.0
Blink routers BL-X26 DA3 version 1.2.7
Description
The issue is related to a command injection vulnerability via the
bs SetSSIDHide function. This vulnerability affects various Blink router models.Recommendations
For BL-WR9000 version 2.4.9, consider disabling the
bs SetSSIDHide function until a patch is available.
For BL-AC2100 AZ3 version 1.0.4, consider disabling the bs SetSSIDHide function until a patch is available.
For BL-X10 AC8 version 1.0.5, consider disabling the bs SetSSIDHide function until a patch is available.
For BL-LTE300 version 1.2.3, consider disabling the bs SetSSIDHide function until a patch is available.
For BL-F1200 AT1 version 1.0.0, consider disabling the bs SetSSIDHide function until a patch is available.
For BL-X26 AC8 version 1.2.8, consider disabling the bs SetSSIDHide function until a patch is available.
For BLAC450M AE4 version 4.0.0, consider disabling the bs SetSSIDHide function until a patch is available.
For BL-X26 DA3 version 1.2.7, consider disabling the bs SetSSIDHide function until a patch is available.Exploit
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bl-Ac2100 Az3
Bl-F1200 At1
Bl-Lte300
Bl-Wr9000
Bl-X10 Ac8
Bl-X26 Ac8
Bl-X26 Da3
Blac450M Ae4