CVE-2025-45987
Published: 13 June 2025
Summary
CVE-2025-45987 is a critical-severity Command Injection (CWE-77) vulnerability in B-Link Bl-Wr9000 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 5.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2025-45987 affects multiple LB-LINK Blink router models including BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7. The devices contain several instances of command injection in the bs_SetDNSInfo function, where unsanitized input to the dns1 and dns2 parameters is passed to the system shell.
An unauthenticated attacker with network access can supply crafted DNS values to execute arbitrary commands on the router with root privileges. Successful exploitation yields full control over device configuration, traffic interception, and persistence, consistent with the CVSS 9.8 rating and CWE-77 classification.
The single public reference is a technical disclosure containing proof-of-concept details for the dns1 injection path; no vendor advisory, firmware update, or mitigation guidance is referenced in the available information. The associated EPSS score has remained flat at 0.1330 since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-18262
Vulnerability details
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the dns1 and dns2 parameters in the bs_SetDNSInfo function.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.