Key Information I. Basic Information 1. Product Models - Multiple BLINK routers are affected by a command injection vulnerability, including but not limited to: 2. Download URL: https://www.b-link.net.cn/downloads_16.html 3. Web Service: 4. Firmware Date: 2023-6-20 5. Test Environment: Real device testing was conducted, using BL_WR9000 V2.4.9 as an example. II. Command Injection Vulnerability Vulnerable Location: In the function within the file. Cause: The program does not filter the value, allowing attackers to inject commands via and execute arbitrary commands through the system call. PoC: Attack Effect: Can create a directory named .