Bl Ac2100 Az3 Firmware CVE-2025-45987

EUVD-2025-18262, CRITICAL
Command Injection (CWE-77)
2025-06-13, cve@mitre.org
CVSS 3.1: 9.8

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (4 events)

Mar 14, 2026 - 21:34 (euvd): EUVD ID Assigned, EUVD-2025-18262
Mar 14, 2026 - 21:34 (vuln.today): Analysis Generated
Jul 10, 2025 - 12:16 (vuln.today): PoC Detected, public exploit code
Jun 13, 2025 - 12:15 (nvd): CVE Published, CRITICAL 9.8

Description (NVD)

Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the dns1 and dns2 parameters in the bs_SetDNSInfo function.

Analysis (AI)

Multiple Blink router models (8 distinct firmware versions across product lines) contain unauthenticated command injection vulnerabilities in the DNS configuration function (bs_SetDNSInfo), allowing remote attackers to execute arbitrary system commands with no authentication required. The CVSS 9.8 rating reflects the critical nature: network-exploitable, no privileges required, and complete compromise of confidentiality, integrity, and availability. While no KEV or public POC is documented in standard vulnerability databases as of this analysis, the combination of network accessibility and lack of authentication requirements makes this a high-priority threat for all affected Blink router owners.

Technical Context (AI)

The vulnerability resides in the bs_SetDNSInfo function, which processes DNS configuration parameters (dns1 and dns2) without proper input validation or sanitization. This is a classic CWE-77 (Improper Neutralization of Special Elements used in a Command) case where user-supplied input is concatenated directly into shell commands executed via system calls. The affected routers span multiple product lines (BL-WR9000, BL-AC2100, BL-X10, BL-LTE300, BL-F1200, BL-X26 variants) and hardware revisions, suggesting a common vulnerable codebase shared across Blink's router firmware. CPE identifiers would typically be structured as cpe:2.3:o:blink:*:firmware_version or cpe:2.3:h:blink:product_model for these embedded systems. The dns1/dns2 parameters are network-accessible via the router's web interface or API endpoints, requiring no authentication per the CVSS vector (PR:N), making exploitation trivial for any attacker who can reach that interface over the network.
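
One way a firmware handler can avoid this class of bug, shown as an added example that is not Blink's code and not part of the original advisory: accept dns1/dns2 only when they parse as literal IP addresses, then write the resolver configuration directly instead of building a shell command. The function names, the resolv.conf-style output and the sample inputs are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 only if s is a literal IPv4 or IPv6 address. inet_pton() rejects
 * any trailing bytes, so shell metacharacters can never pass this check. */
int dns_value_is_valid(const char *s)
{
    unsigned char addr[sizeof(struct in6_addr)];

    if (s == NULL || s[0] == '\0' || strlen(s) >= INET6_ADDRSTRLEN)
        return 0;
    return inet_pton(AF_INET, s, addr) == 1 ||
           inet_pton(AF_INET6, s, addr) == 1;
}

/* Hypothetical replacement for a handler that would otherwise pass dns1/dns2
 * to a shell: validates both values, then renders resolv.conf content.
 * Returns bytes written, or -1 if a value is rejected or out is too small. */
int render_resolv_conf(const char *dns1, const char *dns2,
                       char *out, size_t outlen)
{
    int n;

    if (!dns_value_is_valid(dns1) || !dns_value_is_valid(dns2))
        return -1;
    n = snprintf(out, outlen, "nameserver %s\nnameserver %s\n", dns1, dns2);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

int main(void)
{
    /* Constructed sample inputs: two well-formed pairs, two malformed ones. */
    const char *samples[][2] = {
        {"9.9.9.9", "1.1.1.1"},
        {"2001:db8::53", "9.9.9.9"},
        {"9.9.9.9;echo x", "1.1.1.1"},
        {"9.9.9.9", "$(echo x)"},
    };
    char conf[128];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int n = render_resolv_conf(samples[i][0], samples[i][1], conf, sizeof conf);
        printf("dns1=%s dns2=%s -> %s\n", samples[i][0], samples[i][1],
               n < 0 ? "rejected" : "accepted");
    }
    return 0;
}
```
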

Remediation (AI)

Immediate actions:

(1) Contact Blink support to obtain patched firmware versions for each affected model; do not assume firmware versions exist yet if not publicly announced.
(2) If patches are available, perform immediate firmware updates on all affected routers via the web interface (Administration > Firmware Upgrade) or automatic update mechanisms.
(3) Interim mitigations if patches unavailable:
    (a) Restrict router management interface access to trusted IPs via firewall rules or ACLs.
    (b) Disable remote management features if enabled (disable UPnP, disable WAN-side access to web interface).
    (c) Ensure strong administrative credentials (change default passwords immediately).
    (d) Segment router from critical network assets using VLAN isolation.
    (e) Monitor firewall logs for suspicious DNS configuration requests (POST to /dns_config or similar endpoints).
(4) For all users: check Blink's official support page and security bulletin for patched firmware versions and deployment timeline.

Do not delay; this is critical.
