CVE-2025-70161

CRITICAL

9.8

Beschreibung

EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht1/9/2026

Zuletzt geandert1/22/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

edimax:br-6208acedimax:br-6208ac_firmware

Schwachen (CWE)

CWE-77

Referenzen

https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-setWAN-handler-2d3b5c52018a80d7ae8dce2bf5e3294c?source=copy_link(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.