CVE-2019-13270

Name of the Vulnerable Software and Affected Versions Edimax BR-6208AC version V1

Description The issue concerns insufficient compartmentalization between a host network and a guest network established by the same device. To transfer data from the host network to the guest network, a sender joins and then leaves an IGMP group. After leaving, the router creates an IGMP Membership Query packet with the Group IP and sends it to both the host and guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender.

Recommendations For Edimax BR-6208AC version V1, consider restricting access to the IGMP protocol to minimize the risk of exploitation. As a temporary workaround, limiting the ability to join and leave IGMP groups may help mitigate the issue until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.