Primary

Context

Blink Routers Command Injection Vulnerability via MAC Parameter

Vulnerability

A command injection vulnerability has been identified in several models of Blink routers, including the BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BL-AC450M_AE4 v4.0.0, and BL-X26_DA3 v1.2.7. The vulnerability arises in the 'bs_SetMacBlack' function, where the 'mac' parameter is improperly handled, allowing for command injection.

Impact

Exploitation of this vulnerability allows for unauthorized command injection on the affected devices.

Added: Jun 13, 2025, 12:16 PM

Updated: Jun 13, 2025, 12:16 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.2

threat

6.7

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.2

threat

6.7

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Blink Routers Command Injection Vulnerability via MAC Parameter

Vulnerability

Impact

Affected Products

Blink BL-WR9000

Blink BL-AC2100_AZ3

Blink BL-X10_AC8

Blink BL-LTE300

Blink BL-F1200_AT1

Blink BL-X26_AC8

Blink BL-X26_DA3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating