| 제목 | Edimax BR-6208AC V2_1.02 Command Injection |
|---|
| 설명 | A Command Injection Vulnerability has been discovered in the formStaDrvSetup function in the BR-6208AC_V2_1.03 firmware. This vulnerability is present in the web-based configuration interface, which allows attackers to inject arbitrary system commands into the device's operating system via improperly sanitized user inputs. The issue arises due to insufficient input validation and sanitization when handling user-supplied data such as rootAPmac. The untrusted data is passed directly to system commands via functions like system(tmpBuf) without adequate filtering. This allows remote, unauthenticated attackers to inject malicious commands into the system, leading to the potential for remote code execution, privilege escalation, or other malicious activities on the device. |
|---|
| 원천 | ⚠️ https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-formStaDrvSetup-handler-2d2b5c52018a803ebd91c200b3e2925b?source=copy_link |
|---|
| 사용자 | tian (UID 93438) |
|---|
| 제출 | 2025. 12. 23. PM 03:24 (4 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 29. AM 10:34 (6 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 338646 [Edimax BR-6208AC 1.02/1.03 Web-based Configuration Interface /goform/formStaDrvSetup rootAPmac 권한 상승] |
|---|
| 포인트들 | 17 |
|---|