PT-2026-51254 · Edimax · Br-6478Ac V2

Yhryhryhr_Tu

Publicado

2026-06-21

Atualizado

2026-06-21

CVE-2026-12807

CVSS v3.1

6.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The manipulation of the argument pppUserName/pptpUserName/L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploit

Correção

Special Elements Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-77

Identificadores relacionados

CVE-2026-12807

Produtos afetados

Br-6478Ac V2

PT-2026-51254 · Edimax · Br-6478Ac V2

CVE-2026-12807

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6