| Titel | EDIMAX BR-6428NS BR-6428NS_v4_1.10 Command Injection |
|---|
| Beschreibung | The EDIMAX BR-6428NS_v4_1.10 firmware has a command injection vulnerability in the formWlanMP function. The Var/v29/v26/v27/v28/v20/v42/v41/v40/v39/v38/v2/v3/v4/v5/v6/v37/v36/v35/v16/v34/v33/v32/v43/v25/v24/v23/v21/v22/v17 variables receive the ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P parameters from a POST request. . However, since the user can control the input of these variables, the statement system() can cause a command injection. |
|---|
| Quelle | ⚠️ https://lavender-bicycle-a5a.notion.site/EDIMAX-BR-6428NS-formWlanMP-34b53a41781f808fb207ce3f297db80b?source=copy_link |
|---|
| Benutzer | wxhwxhwxh_tutu (UID 65923) |
|---|
| Einreichung | 23.04.2026 19:02 (vor 1 Monat) |
|---|
| Moderieren | 22.05.2026 19:38 (29 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 365243 [Edimax BR-6428NS 1.10 POST Request /goform/formWlanM system erweiterte Rechte] |
|---|
| Punkte | 17 |
|---|