CVE-2025-45985 Scanner - Command Injection vulnerability in Blink Router
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 18 days
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Blink Router is a popular choice for home and small office networking solutions, known for its user-friendly interface and reliability. These routers are widely used by consumers to manage internet connectivity, enabling wired and wireless connections for multiple devices. Blink's products also offer advanced configuration options for networking enthusiasts and IT professionals. They are often deployed in environments where consistent internet connectivity is crucial, such as remote work settings and smart homes. The routers are typically managed via a web interface, allowing easy access to networking settings and security configurations. Their affordability and features make them a go-to for cost-conscious buyers looking for dependable network infrastructure.
Command Injection is a severe vulnerability that allows attackers to execute arbitrary commands on a device, leading to unauthorized control. In the context of Blink Routers, this vulnerability exists due to insufficient input sanitization in system functions. By exploiting this, attackers can gain complete control over the router, potentially altering configurations and compromising the network. Command Injection poses significant risks, as it can be used to install malicious software, intercept network traffic, or disrupt services. It often exploits the lack of validation in user inputs, making it essential for products to implement strict validation mechanisms. The repercussions of such vulnerabilities can lead to data breaches and loss of network integrity.
The vulnerability in Blink Routers is linked to the bs_SetSSIDHide function. Attackers can inject commands through unsanitized input fields in the form submission requests related to SSID configuration. Exploitation involves manipulating HTTP POST requests sent to the router's configuration URL: shell commands inserted into these requests are executed by the router without authorization. The vulnerable endpoint is '/goform/set_hidessid_cfg', where user input is improperly validated, and the vulnerable parameter is 'enable', which allows the injection of harmful commands and compromises the router's security.
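An added example, not part of the original page or the scanner's own code: a check for proxy or web logs that flags POST requests to the endpoint above whose 'enable' value is anything other than a plain toggle. The 0/1 allow-list, the record layout, and the sample requests (with the placeholder CONSTRUCTED_CMD) are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/set_hidessid_cfg"    # endpoint named on this page
PARAM = "enable"                         # parameter named on this page
ALLOWED = {"0", "1"}                     # assumption: legitimate values are a 0/1 toggle
SHELL_META = set(";|&`$()<>\n\r\\'\"")   # characters a shell would interpret


def classify(method, url, body):
    """Return 'ignore', 'ok', 'suspicious' or 'injection' for one HTTP request."""
    if method.upper() != "POST" or urlsplit(url).path.rstrip("/") != ENDPOINT:
        return "ignore"
    # parse_qs percent-decodes, so '%3B' and ';' are treated identically.
    # separator="&" keeps ';' inside the value instead of splitting on it.
    values = parse_qs(body, keep_blank_values=True, separator="&").get(PARAM, [])
    for value in values:
        if SHELL_META & set(value):
            return "injection"
    # Missing, repeated, or non-toggle values are not normal UI traffic.
    if len(values) != 1 or values[0] not in ALLOWED:
        return "suspicious"
    return "ok"


def scan(records):
    """Return (index, verdict) for every record that deserves a closer look."""
    hits = []
    for index, record in enumerate(records):
        verdict = classify(*record)
        if verdict in ("suspicious", "injection"):
            hits.append((index, verdict))
    return hits


# Constructed sample requests: (method, url, form-encoded body)
SAMPLES = [
    ("POST", "/goform/set_hidessid_cfg", "enable=1"),
    ("POST", "/goform/set_hidessid_cfg", "enable=1%3BCONSTRUCTED_CMD"),
    ("POST", "/goform/set_hidessid_cfg", "enable=$(CONSTRUCTED_CMD)"),
    ("POST", "/goform/set_hidessid_cfg", "enable=yes"),
    ("POST", "/goform/set_hidessid_cfg", "enable=0&enable=1"),
    ("GET", "/index.html", ""),
]

if __name__ == "__main__":
    for index, verdict in scan(SAMPLES):
        print(index, verdict, SAMPLES[index][2])
```

Requests classified as 'injection' warrant checking the router's configuration and firmware state; 'suspicious' ones usually indicate probing or a malformed client.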
Exploitation of this vulnerability can have dire consequences. Malicious actors could potentially gain root access to the router, leading to the interception of sensitive data such as passwords and personal information. Network disruptions can occur, affecting connected devices and leading to loss of internet service. Additionally, the router could be used as a point of attack against other devices or networks, forming part of a larger botnet. Users may also experience unauthorized configuration changes, such as SSID modifications and firewall rules being altered. Unauthorized access can permit the installation of backdoors, which would allow persistent attacker control over the network.