Soumettre #801572: Edimax BR-6208AC V2_1.02 Command Injectioninformation

TitreEdimax BR-6208AC V2_1.02 Command Injection
DescriptionA command injection vulnerability exists in the IQ setup `setWAN` handler of Edimax BR-6208AC V2 1.02. In L2TP mode, the handler copies the attacker-controlled `L2TPUserName` parameter into a shell command and executes it with `system()`. The implementation tries to block only semicolon-based payloads. Other shell features remain usable, allowing arbitrary command execution on the device.
La source⚠️ https://tzh00203.notion.site/Edimax-BR-6208AC-V2-1-02-setWAN-L2TPUserName-Command-Injection-33db5c52018a80c1b3aac6db8927bd0f
Utilisateur
 tian (UID 93438)
Soumission10/04/2026 04:51 (il y a 2 mois)
Modérer02/05/2026 13:05 (22 days later)
StatutAccepté
Entrée VulDB360841 [Edimax BR-6208AC 1.02 L2TP Mode /goform/setWAN L2TPUserName élévation de privilèges]
Points17

PrécédentAperçuSuivant

Do you want to use VulDB in your project?

Use the official API to access entries easily!