| Title | Edimax BR-6208AC V2_1.02 Command Injection |
|---|
| Description | A Command Injection Vulnerability has been discovered in the formRoute function in the BR-6208AC_V2_1.03 firmware. This vulnerability exists in the web-based configuration interface, allowing attackers to inject arbitrary system commands due to insufficient input validation and sanitization of user-supplied data (e.g., IP address, subnet mask, and gateway). The untrusted input is directly passed to system commands via functions like system(tmpBuf), enabling remote, unauthenticated attackers to execute malicious commands, potentially leading to remote code execution or privilege escalation. |
|---|
| Source | ⚠️ https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-formRoute-handler-2d3b5c52018a805983d3cf0780b28407?source=copy_link |
|---|
| User | tian (UID 93438) |
|---|
| Submission | 12/24/2025 03:01 (4 months ago) |
|---|
| Moderation | 12/29/2025 10:34 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 338647 [Edimax BR-6208AC 1.02/1.03 Web-based Configuration Interface /gogorm/formRoute strIp/strMask/strGateway command injection] |
|---|
| Points | 17 |
|---|