CVE-2025-45984 – This CVE describes a command injection vulnerab... (How to Fix)

Q: What is the severity of CVE-2025-45984?

CVE-2025-45984 has a CVSS score of 9.8 (CRITICAL). This CVE describes a command injection vulnerability in multiple Blink router models via the routepwd parameter. Attackers can execute arbitrary commands on affected routers, potentially gaining full control. All users of the listed router models with vulnerable firmware versions are affected.

📋 TL;DR

This CVE describes a command injection vulnerability in multiple Blink router models via the routepwd parameter. Attackers can execute arbitrary commands on affected routers, potentially gaining full control. All users of the listed router models with vulnerable firmware versions are affected.

💻 Affected Systems

Products:

BL-WR9000
BL-AC1900
BL-AC2100_AZ3
BL-X10_AC8
BL-LTE300
BL-F1200_AT1
BL-X26_AC8
BLAC450M_AE4
BL-X26_DA3

Versions: V2.4.9, V1.0.2, V1.0.4, V1.0.5, V1.2.3, V1.0.0, V1.2.8, V4.0.0, V1.2.7 respectively

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All listed firmware versions are vulnerable. The vulnerability exists in the web interface component handling routepwd parameter.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise allowing attackers to intercept all network traffic, install persistent backdoors, pivot to internal networks, and use the router for botnet activities.

🟠

Likely Case

Router takeover leading to DNS hijacking, credential theft from network traffic, and use as a proxy for malicious activities.

🟢

If Mitigated

Limited impact if routers are behind firewalls with strict inbound filtering and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers worldwide.

🏢 Internal Only: MEDIUM - If routers are only accessible internally, risk is reduced but still significant for network compromise.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The GitHub reference contains technical details and likely exploit code. Command injection vulnerabilities are typically easy to exploit once details are public.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check vendor website for firmware updates. 2. Download appropriate firmware for your model. 3. Access router admin interface. 4. Navigate to firmware update section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to router web interface

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace vulnerable routers with different models or brands
Implement strict firewall rules blocking all inbound access to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface and compare with affected versions list. If version matches exactly, device is vulnerable.

Check Version:

Login to router web interface and navigate to System Status or About page to view firmware version.

Verify Fix Applied:

After updating firmware, verify version no longer matches vulnerable versions. Test routepwd parameter functionality if possible.

📡 Detection & Monitoring

Log Indicators:

Unusual commands in system logs
Multiple failed login attempts followed by routepwd parameter manipulation
Unexpected process execution

Network Indicators:

Unusual outbound connections from router
DNS queries to suspicious domains
Unexpected traffic redirection

SIEM Query:

source="router_logs" AND (routepwd OR command=* OR process=*)

📊 Metadata

CVE ID: CVE-2025-45984

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

EPSS Score: 1.61% exploit probability (81.4th percentile)

Published: June 13, 2025

Last Updated: July 10, 2025

🔗 References

https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_routepwd%20Indicates%20the%20unauthorized%20command%20injection/LB-LINK_routepwd%20command%20injection.md Exploit

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-45984, you might also want to check these: