| शीर्षक | EDIMAX BR-6428NS BR-6428NS_v4_1.10 Command Injection |
|---|
| विवरण | The EDIMAX BR-6428NS_v4_1.10 firmware has a command injection vulnerability in the formWlanMP function. The Var/v29/v26/v27/v28/v20/v42/v41/v40/v39/v38/v2/v3/v4/v5/v6/v37/v36/v35/v16/v34/v33/v32/v43/v25/v24/v23/v21/v22/v17 variables receive the ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P parameters from a POST request. . However, since the user can control the input of these variables, the statement system() can cause a command injection. |
|---|
| स्रोत | ⚠️ https://lavender-bicycle-a5a.notion.site/EDIMAX-BR-6428NS-formWlanMP-34b53a41781f808fb207ce3f297db80b?source=copy_link |
|---|
| उपयोगकर्ता | wxhwxhwxh_tutu (UID 65923) |
|---|
| सबमिशन | 23/04/2026 07:02 PM (1 महीना पहले) |
|---|
| संयम | 22/05/2026 07:38 PM (29 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 365243 [Edimax BR-6428NS 1.10 POST Request /goform/formWlanM system अधिकार वृद्धि] |
|---|
| अंक | 17 |
|---|