| Title | Edimax BR-6208AC V2_1.02 Command Injection |
|---|---|
| Description | A Command Injection Vulnerability has been discovered in the formStaDrvSetup function in the BR-6208AC_V2_1.03 firmware. This vulnerability is present in the web-based configuration interface, which allows attackers to inject arbitrary system commands into the device's operating system via improperly sanitized user inputs. The issue arises due to insufficient input validation and sanitization when handling user-supplied data such as rootAPmac. The untrusted data is passed directly to system commands via functions like system(tmpBuf) without adequate filtering. This allows remote, unauthenticated attackers to inject malicious commands into the system, leading to the potential for remote code execution, privilege escalation, or other malicious activities on the device. |
| Source | ⚠️ https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-formStaDrvSetup-handler-2d2b5c52018a803ebd91c200b3e2925b?source=copy_link |
| User | tian (UID 93438) |
| Submission | 23/12/2025 15:24 (4 months ago) |
| Moderation | 29/12/2025 10:34 (6 days later) |
| Status | Accepted |
| VulDB Entry | 338646 [Edimax BR-6208AC 1.02/1.03 Web-based Configuration Interface /goform/formStaDrvSetup rootAPmac privilege escalation] |
| Points | 17 |