PT-2024-10391 · Edimax · Edimax Ac1200 Wi-Fi 5 Dual-Band Router Br-6476Ac

Published: 2024-06-18 · Updated: 2025-05-28 · CVE-2024-48418

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC version 1.06

Description

The handler for the /goform/fromSetDDNS request does not properly handle special characters in user-provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands. This can lead to privilege escalation and the execution of arbitrary commands.

Recommendations

For Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC version 1.06, consider disabling access to the /goform/fromSetDDNS request until a patch is available, to prevent the injection and execution of arbitrary shell commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

CSRF

Weakness Enumeration

Related Identifiers

BDU:2025-00901
CVE-2024-48418

Affected Products

Edimax Ac1200 Wi-Fi 5 Dual-Band Router Br-6476Ac