CNNVD-202506-1734 Information

Jun 13, 2025 cve

CNNVD ID

CNNVD-202506-1734

CVE-2025-45986

CNNVD Published: 2025-06-13

Description (Chinese)

LB-LINK BL-X26等都是中国必联（LB-LINK）公司的产品。LB-LINK BL-X26是一款无线路由器。LB-LINK BL-LTE300是一款无线路由器。LB-LINK BL-AC2100是一款无线 Wi-Fi 6 路由器。 LB-LINK多款产品存在安全漏洞，该漏洞源于bs_SetMacBlack函数中mac参数存在命令注入。以下产品和版本受到影响： BL-WR9000 V2.4.9版本、BL-AC2100_AZ3 V1.0.4版本、BL-X10_AC8 V1.0.5版本、BL-LTE300 V1.2.3版本、BL-F1200_AT1 V1.0.0版本、BL-X26_AC8 V1.2.8版本、BLAC450M_AE4 V4.0.0版本和BL-X26_DA3 V1.2.7版本。

Description (English)

LB-LINK BL-X26 and others are products of the Federation of China (LB-LINK). LB-LINK BL-X26 is a wireless router. LB-LINK BL-LTE300 is a wireless router. LB-LINK BL-AC2100 is a Wi-Fi 6 router. The LB-LINK multiple product contains a safety loophole that results from the command injection of the Mac parameter in the bs SetMacBlack function. The following products and versions were affected: BL-WR9000 V2.4.9, BL-AC2100 AZ3 V1.0.4, BL-X10 AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200 AT1 V1.0.0, BL-X26 AC8 V1.2.8, BLAC450M AE4 V4.0 and BL-X26 DA3 V1.2.7.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

必联

Published

2025-06-13

Last Modified

2026-02-24

References

https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_mac%20Unauthorized%20command%20injection/LB-LINK_mac%20command%20injection.md https://access.redhat.com/security/cve/cve-2025-45986

Share on: