| Title | Edimax BR-6208AC V2_1.02 Command Injection |
|---|
| Description | A Command Injection Vulnerability has been discovered in the formStaDrvSetup function in the BR-6208AC_V2_1.03 firmware. This vulnerability is present in the web-based configuration interface, which allows attackers to inject arbitrary system commands into the device's operating system via improperly sanitized user inputs. The issue arises due to insufficient input validation and sanitization when handling user-supplied data such as rootAPmac. The untrusted data is passed directly to system commands via functions like system(tmpBuf) without adequate filtering. This allows remote, unauthenticated attackers to inject malicious commands into the system, leading to the potential for remote code execution, privilege escalation, or other malicious activities on the device. |
|---|
| Source | ⚠️ https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-formStaDrvSetup-handler-2d2b5c52018a803ebd91c200b3e2925b?source=copy_link |
|---|
| User | tian (UID 93438) |
|---|
| Submission | 12/23/2025 15:24 (4 months ago) |
|---|
| Moderation | 12/29/2025 10:34 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 338646 [Edimax BR-6208AC 1.02/1.03 Web-based Configuration Interface /goform/formStaDrvSetup rootAPmac command injection] |
|---|
| Points | 17 |
|---|