PT-2024-38453 · Edimax · Edimax Ic-6220Dc+1
Jylsec · Published 2024-08-08 · Updated 2024-08-15 · CVE-2024-7616
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Edimax IC-6220DC and IC-5150W versions up to 3.06
Description
A critical issue affects the cgiFormString function of the ipcam cgi file. The manipulation of the host argument leads to command injection. The vendor was contacted about this disclosure but did not respond.
Recommendations
For Edimax IC-6220DC and IC-5150W versions up to 3.06, upgrade to a version above 3.06 as soon as possible.
As a temporary workaround, consider restricting access to the cgiFormString function until a patch is available.
Avoid using the host parameter in the affected ipcam cgi file until the issue is resolved.
Fix
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Edimax Ic-5150W
Edimax Ic-6220Dc