BL-AC2100 Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in the BL-AC2100 access point, all versions through 1.0.4. The enable parameter passed to /goform/set_hidessid_cfg is not properly validated, allowing attackers to execute arbitrary code.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected device.

Reproduction

To reproduce this vulnerability, send a request to the /goform/set_hidessid_cfg endpoint with the enable parameter. The lack of proper input validation in this parameter allows for the execution of arbitrary code on the device.
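
For defenders who can capture traffic in front of the device, the following added example (not part of the original advisory or the vendor's code) flags requests to this endpoint whose enable value falls outside an allow-list. The allow-list of "0" and "1" is an assumption, since the advisory does not document the legal values; the function names and sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/goform/set_hidessid_cfg"   # endpoint named in the advisory
ALLOWED_ENABLE = {"0", "1"}             # assumption: enable is an on/off flag


def check_request(method, url, body=""):
    """Return a list of findings for one captured request (empty = clean)."""
    parts = urlsplit(url)
    if parts.path.rstrip("/") != ENDPOINT:
        return []
    # The parameter may arrive in the query string or a form-encoded body;
    # parse_qsl URL-decodes values, so encoded forms are compared decoded.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    values = [v for k, v in pairs if k == "enable"]
    findings = []
    if not values:
        findings.append("enable missing")
    if len(values) > 1:
        # Repeated parameters can be parsed differently by a filter and the device.
        findings.append("enable repeated")
    for v in values:
        if v not in ALLOWED_ENABLE:
            # Report only the length, never the raw value, to keep logs safe.
            findings.append(f"enable outside allow-list (len={len(v)})")
    return findings


# Constructed sample traffic: (method, url, body)
SAMPLE = [
    ("POST", "/goform/set_hidessid_cfg", "enable=1"),
    ("POST", "/goform/set_hidessid_cfg", "enable=" + "A" * 300),
    ("GET", "/goform/set_hidessid_cfg?enable=0&enable=not-a-flag", ""),
    ("POST", "/goform/get_status", "enable=anything"),
    ("POST", "/goform/set_hidessid_cfg", "enable=%31"),
]


def audit(requests):
    """Map request index -> findings, for requests that have any."""
    return {i: f for i, r in enumerate(requests) if (f := check_request(*r))}


if __name__ == "__main__":
    for idx, findings in audit(SAMPLE).items():
        print(idx, SAMPLE[idx][1].split("?")[0], findings)
```

The same allow-list check can be enforced as a blocking rule on a reverse proxy or WAF placed in front of the management interface.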

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.5
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.