| 제목 | Edimax BR-6208AC V2_1.02 Command Injection |
|---|
| 설명 | A Command Injection Vulnerability has been discovered in the formRoute function in the BR-6208AC_V2_1.03 firmware. This vulnerability exists in the web-based configuration interface, allowing attackers to inject arbitrary system commands due to insufficient input validation and sanitization of user-supplied data (e.g., IP address, subnet mask, and gateway). The untrusted input is directly passed to system commands via functions like system(tmpBuf), enabling remote, unauthenticated attackers to execute malicious commands, potentially leading to remote code execution or privilege escalation. |
|---|
| 원천 | ⚠️ https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-formRoute-handler-2d3b5c52018a805983d3cf0780b28407?source=copy_link |
|---|
| 사용자 | tian (UID 93438) |
|---|
| 제출 | 2025. 12. 24. AM 03:01 (4 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 29. AM 10:34 (5 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 338647 [Edimax BR-6208AC 1.02/1.03 Web-based Configuration Interface /gogorm/formRoute strIp/strMask/strGateway 권한 상승] |
|---|
| 포인트들 | 17 |
|---|