Primary

Context

Blink Routers Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in several models of Blink routers, including the BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BL-AC450M_AE4 v4.0.0, and BL-X26_DA3 v1.2.7. The vulnerability arises in the bs_SetSSIDHide function, allowing for unauthorized command injection.

Impact

Exploitation of this vulnerability allows for command injection, where an attacker can execute arbitrary commands on the device.

Added: Jun 13, 2025, 12:18 PM

Updated: Jun 13, 2025, 12:18 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.2

threat

7.1

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.2

threat

7.1

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Blink Routers Command Injection Vulnerability

Vulnerability

Impact

Affected Products

Blink BL-WR9000

Blink BL-AC2100_AZ3

Blink BL-X10_AC8

Blink BL-LTE300

Blink BL-F1200_AT1

Blink BL-X26_AC8

Blink BL-X26_DA3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating