CVE-2025-45987 | Blink BL-X26_DA3 bs_SetDNSInfo dns1/dns2 command injection

Inserito da Angelo Barbosa | Giu 13, 2025 | CVE

A vulnerability has been found in Blink BL-WR9000, BL-AC2100_AZ3, BL-X10_AC8, BL-LTE300, BL-F1200_AT1, BL-X26_AC8, BLAC450M_AE4 and BL-X26_DA3 and classified as critical. Affected by this vulnerability is the function bs_SetDNSInfo. The manipulation of the argument dns1/dns2 leads to command injection.

This vulnerability is known as CVE-2025-45987. The attack can be launched remotely. There is no exploit available.

CVE-2025-45987 | Blink BL-X26_DA3 bs_SetDNSInfo dns1/dns2 command injection

Post correlati

CVE-2024-4754 | Next4Biz CRM & BPM Software Business Process Manangement 6.6.4.4 cross site scripting

CVE-2024-36178 | Adobe Experience Manager up to 6.5.20 cross site scripting (apsb24-28)

CVE-2024-30256 | Open WebUI up to 0.1.116 server-side request forgery (GHSA-39wr-r5vm-3jxj)

CVE-2023-39367 | Peplink Smart Reader 1.2.0 Web Interface mac2name os command injection (TALOS-2023-1867)