| Título | EDIMAX BR-6428NS BR-6428NS_v4_1.10 Command Injection |
|---|
| Descrição | The EDIMAX BR-6428NS_v4_1.10 firmware has a command injection vulnerability in the formWlanMP function. The Var/v29/v26/v27/v28/v20/v42/v41/v40/v39/v38/v2/v3/v4/v5/v6/v37/v36/v35/v16/v34/v33/v32/v43/v25/v24/v23/v21/v22/v17 variables receive the ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P parameters from a POST request. . However, since the user can control the input of these variables, the statement system() can cause a command injection. |
|---|
| Fonte | ⚠️ https://lavender-bicycle-a5a.notion.site/EDIMAX-BR-6428NS-formWlanMP-34b53a41781f808fb207ce3f297db80b?source=copy_link |
|---|
| Utilizador | wxhwxhwxh_tutu (UID 65923) |
|---|
| Submissão | 23/04/2026 19h02 (há 1 mês) |
|---|
| Moderação | 22/05/2026 19h38 (29 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 365243 [Edimax BR-6428NS 1.10 POST Request /goform/formWlanM system Elevação de Privilégios] |
|---|
| Pontos | 17 |
|---|