CVE-2023-31983 in Wireless Router N300
Summary
by MITRE • 05/12/2023
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 12/30/2025
The CVE-2023-31983 vulnerability represents a critical command injection flaw in the Edimax Wireless Router N300 firmware BR-6428NS_v4 which exposes the mp function within the /bin/webs binary to unauthenticated remote code execution. This vulnerability stems from insufficient input validation and sanitization within the web interface component that processes user-supplied parameters. The mp function appears to directly incorporate user-controllable data into system commands without proper escaping or filtering mechanisms, creating a direct pathway for attackers to inject malicious commands that execute with the privileges of the web server process.
This command injection vulnerability operates at the application layer and specifically targets the router's web management interface. The flaw exists in the /bin/webs binary which handles various administrative functions including network configuration, user management, and system monitoring. When an attacker submits malicious input to the mp parameter, the system processes this input without adequate sanitization, allowing arbitrary commands to be executed on the underlying operating system. The vulnerability is particularly dangerous because it lacks any authentication requirements, meaning any remote attacker can exploit it without needing valid credentials.
The operational impact of this vulnerability extends far beyond simple code execution, as it provides attackers with complete control over the affected router. The compromised device can serve as a foothold for broader network infiltration, enabling attackers to perform man-in-the-middle attacks, redirect traffic, or establish persistent backdoors. The vulnerability affects the router's core functionality including wireless configuration, firewall rules, and network address translation settings, potentially allowing attackers to gain unauthorized access to the entire local network. Additionally, the compromised device could be used to launch attacks against other systems within the network or to create botnet nodes for distributed denial-of-service attacks.
Security professionals should implement immediate mitigations including network segmentation to isolate affected devices, disabling unnecessary services, and applying firmware updates from Edimax once available. The vulnerability aligns with CWE-77 which describes command injection flaws, and maps to ATT&CK technique T1059.007 for command and scripting interpreter. Organizations should conduct thorough network scans to identify all affected devices and implement network monitoring to detect suspicious command execution patterns. The lack of authentication requirements makes this vulnerability particularly attractive to automated exploitation tools, emphasizing the need for rapid remediation and continuous network monitoring. Network administrators should also consider implementing intrusion detection systems that can identify command injection attempts and configure firewall rules to restrict access to the router's web interface from untrusted networks.