PT-2025-25406 · Blink · Bl-Ac2100 Az3+7

Published: 2025-04-12 · Updated: 2025-07-24 · CVE-2025-45986

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Blink routers BL-WR9000 version 2.4.9
Blink routers BL-AC2100 AZ3 version 1.0.4
Blink routers BL-X10 AC8 version 1.0.5
Blink routers BL-LTE300 version 1.2.3
Blink routers BL-F1200 AT1 version 1.0.0
Blink routers BL-X26 AC8 version 1.2.8
Blink routers BLAC450M AE4 version 4.0.0
Blink routers BL-X26 DA3 version 1.2.7

Description

A command injection vulnerability was discovered in Blink routers via the mac parameter in the bs SetMacBlack function.

Recommendations

For version 2.4.9 of BL-WR9000, consider disabling the bs SetMacBlack function until a patch is available.
For version 1.0.4 of BL-AC2100 AZ3, restrict access to the mac parameter in the bs SetMacBlack function to minimize the risk of exploitation.
For version 1.0.5 of BL-X10 AC8, avoid using the mac parameter in the affected function until the issue is resolved.
For version 1.2.3 of BL-LTE300, consider disabling the bs SetMacBlack function until a patch is available.
For version 1.0.0 of BL-F1200 AT1, restrict access to the mac parameter in the bs SetMacBlack function to minimize the risk of exploitation.
For version 1.2.8 of BL-X26 AC8, avoid using the mac parameter in the affected function until the issue is resolved.
For version 4.0.0 of BLAC450M AE4, consider disabling the bs SetMacBlack function until a patch is available.
For version 1.2.7 of BL-X26 DA3, restrict access to the mac parameter in the bs SetMacBlack function to minimize the risk of exploitation.

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-06882
CVE-2025-45986

Affected Products

Bl-Ac2100 Az3
Bl-F1200 At1
Bl-Lte300
Bl-Wr9000
Bl-X10 Ac8
Bl-X26 Ac8
Bl-X26 Da3
Blac450M Ae4