A vulnerability was found in Edimax BR-6428NS 1.10
A command injection vulnerability exists in the Edimax BR-6428NS router, allowing remote attackers to execute arbitrary commands by manipulating the stadrv_ssid argument in the formStaDrvSetup function. This can be exploited by sending a crafted POST request to the router. The vulnerability can be used to gain unauthorized access to the router and potentially the network.
A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulation of the argument stadrv_ssid results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Users of the Edimax BR-6428NS router are at risk of remote command injection attacks, which can lead to unauthorized access and potentially serious consequences.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L