CVE-2025-45987
BaseFortify
Publication date: 2025-06-13
Last updated on: 2025-07-10
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| b-link | bl-lte300 | * |
| b-link | bl-wr9000_firmware | 2.4.9 |
| b-link | bl-wr9000 | * |
| b-link | bl-ac2100_az3_firmware | 1.0.4 |
| b-link | bl-ac2100_az3 | * |
| b-link | bl-lte300_firmware | 1.2.3 |
| b-link | bl-f1200_at1_firmware | 1.0.0 |
| b-link | bl-f1200_at1 | * |
| b-link | bl-x26_ac8_firmware | 1.2.8 |
| b-link | bl-x26_ac8 | * |
| b-link | blac450m_ae4_firmware | 4.0.0 |
| b-link | blac450m_ae4 | * |
| b-link | bl-x26_da3_firmware | 1.2.7 |
| b-link | bl-x26_da3 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-45987 is a command injection vulnerability found in several B-Link router models. It is reachable through the dns1 and dns2 parameters of the bs_SetDNSInfo function, which allow attackers to inject arbitrary commands into the device. An attacker who exploits it can gain control of, or unauthorized access to, the affected routers. [1]
How can this vulnerability impact me?
This vulnerability can allow attackers to execute arbitrary commands on affected B-Link routers, potentially leading to unauthorized access, control over the device, disruption of network services, or further exploitation within the network environment. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on monitoring for unusual or unauthorized use of the dns1 and dns2 parameters in the bs_SetDNSInfo function, which are vulnerable to command injection. Specific commands or network traffic patterns involving these parameters may indicate exploitation attempts. However, no explicit detection commands are provided in the available resources. [1]
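One way to implement the monitoring described above, as an added example that is not taken from the advisory or the vendor: flag any dns1 or dns2 value that is not a bare IP address literal after percent-decoding. It assumes the parameters are visible as form-encoded fields in request bodies logged by a proxy or IDS; the function names and sample records are constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qsl

WATCHED = ("dns1", "dns2")  # parameter names given in the advisory text


def is_ip_literal(value: str) -> bool:
    """True only for a bare IPv4/IPv6 address with nothing before or after it."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def suspicious_dns_params(body: str) -> list[tuple[str, str]]:
    """Return (name, decoded value) for watched fields that are not IP literals."""
    hits = []
    # parse_qsl percent-decodes, so encoded metacharacters are checked decoded.
    for name, value in parse_qsl(body, keep_blank_values=True):
        # An empty field is treated as "unset" rather than as an anomaly.
        if name in WATCHED and value and not is_ip_literal(value):
            hits.append((name, value))
    return hits


def scan(records):
    """records: iterable of (source, body). Returns (source, name, value) findings."""
    findings = []
    for source, body in records:
        for name, value in suspicious_dns_params(body):
            findings.append((source, name, value))
    return findings


# Constructed sample records (assumed log format, not captured traffic).
SAMPLE = [
    ("192.0.2.10", "dns1=8.8.8.8&dns2=1.1.1.1"),
    ("192.0.2.44", "dns1=8.8.8.8%3Becho%20test&dns2=1.1.1.1"),
    ("192.0.2.45", "dns1=9.9.9.9&dns2=2001:db8::53"),
    ("192.0.2.46", "dns1=1.1.1.1&dns2=%60x%60"),
]

if __name__ == "__main__":
    for source, name, value in scan(SAMPLE):
        print(f"ALERT src={source} param={name} value={value!r}")
```

An allowlist check (valid IP literal or nothing) is used instead of a list of shell metacharacters, so unusual encodings and separators are flagged without having to enumerate them.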
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable dns1 and dns2 parameters, applying any available firmware updates from the vendor that address the command injection vulnerabilities, and monitoring device logs for suspicious activity related to the bs_SetDNSInfo function. Because the vulnerability allows unauthorized command injection, limiting network exposure and enforcing access controls are critical. [1]