CVE-2019-13269

Name of the Vulnerable Software and Affected Versions Edimax BR-6208AC version V1

Description The issue concerns insufficient compartmentalization between a host network and a guest network established by the same device. It involves the DHCP protocol, where a DHCP Request is sent to the router with a specific Transaction ID field. The router responds with an ACK or NAK message. In the NAK case, the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows data to be encoded and sent cross-router into the 32-bit Transaction ID field.

Recommendations For Edimax BR-6208AC version V1, as a temporary workaround, consider restricting the use of the DHCP protocol until a patch is available. Avoid using the Transaction ID field in DHCP Requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.