Enviar #722014: Edimax BR-6208AC V2_1.02 Command Injectioninformación

TítuloEdimax BR-6208AC V2_1.02 Command Injection
DescripciónA Command Injection Vulnerability has been discovered in the formStaDrvSetup function in the BR-6208AC_V2_1.03 firmware. This vulnerability is present in the web-based configuration interface, which allows attackers to inject arbitrary system commands into the device's operating system via improperly sanitized user inputs. The issue arises due to insufficient input validation and sanitization when handling user-supplied data such as rootAPmac. The untrusted data is passed directly to system commands via functions like system(tmpBuf) without adequate filtering. This allows remote, unauthenticated attackers to inject malicious commands into the system, leading to the potential for remote code execution, privilege escalation, or other malicious activities on the device.
Fuente⚠️ https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-formStaDrvSetup-handler-2d2b5c52018a803ebd91c200b3e2925b?source=copy_link
Usuario
 tian (UID 93438)
Sumisión2025-12-23 15:24 (hace 4 meses)
Moderación2025-12-29 10:34 (6 days later)
EstadoAceptado
Entrada de VulDB338646 [Edimax BR-6208AC 1.02/1.03 Web-based Configuration Interface /goform/formStaDrvSetup rootAPmac escalada de privilegios]
Puntos17

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!