Primary

Context

Blink Routers Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in several models of Blink routers, including the BL-WR9000, BL-AC1900, BL-AC2100_AZ3, BL-X10_AC8, BL-LTE300, BL-F1200_AT1, BL-X26_AC8, BL-AC450M_AE4, and BL-X26_DA3. The vulnerability arises in specific router firmware versions and is exploited through the routepwd parameter in the sub_45B238 function.

Impact

Exploitation of this vulnerability allows for unauthorized command injection on the affected routers.

Added: Jun 13, 2025, 12:24 PM

Updated: Jun 13, 2025, 12:24 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.2

threat

6.7

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.2

threat

6.7

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Blink Routers Command Injection Vulnerability

Vulnerability

Impact

Affected Products

Blink BL-WR9000

Blink BL-AC1900

Blink BL-AC2100_AZ3

Blink BL-X10_AC8

Blink BL-LTE300

Blink BL-F1200_AT1

Blink BL-X26_AC8

Blink BLAC450M_AE4

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating