PT-2025-16346 · Edimax · Edimax Ac1200 Wave 2 Dual-Band Gigabit Router Br-6478Ac

Regainer27 · Published 2025-04-15 · Updated 2026-05-25 · CVE-2025-28143

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC version V3 1.0.15

Description

The web interface of the firmware contains a command injection issue due to insufficient data sanitization at the control level. A remote attacker can exploit this by sending crafted data to the '/boafrm/formDiskCreateGroup' endpoint using the groupname parameter, which may allow the attacker to escalate privileges and execute arbitrary commands.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-04834
CVE-2025-28143

Affected Products

Edimax Ac1200 Wave 2 Dual-Band Gigabit Router Br-6478Ac