Key Information CVE-ID CVE-2025-57685 Vulnerability Overview Vendor: Shenzhen Union Electronic Limited Co., Ltd. (UB Link) Affected Products: BL-AC2100, BL-WR4000I, BL-WR9000-AF4, BL-AC1900-AZ2, BL-X26L-DWPC2, BL-LTE300 Affected Firmware Versions: v1.0.4, v2.5.0, v2.4.9, v2.2.3 Vulnerability Type: Unauthorized Command Injection Vulnerability Details Description: In the file responsible for network services, there is an unauthorized command injection vulnerability. Analysis of the function reveals that it directly returns the user-input string, leading to unauthorized access. Critical Code Snippet: POC (Proof of Concept) Request Example: Impact Demonstration Effect Display: Screenshots show how an attacker can exploit this vulnerability to execute arbitrary commands, gain full control over the device, and perform malicious operations.