CVE-2024-48417

Name of the Vulnerable Software and Affected Versions Edimax AC1200 Wi-Fi 5 BR-6476AC version 1.06

Description The issue is related to the lack of protection for the web interface structure of the Edimax AC1200 Wi-Fi 5 BR-6476AC router's firmware, allowing a remote attacker to conduct a Cross Site Scripting (XSS) attack. The vulnerability can be exploited via specific API endpoints: "/bin/goahead" through "/goform/setStaticRoute", "/goform/fromSetFilterUrlFilter", and "/goform/fromSetFilterClientFilter".

Recommendations For Edimax AC1200 Wi-Fi 5 BR-6476AC version 1.06, consider disabling access to the "/bin/goahead" endpoint and its related functions, such as those accessible through "/goform/setStaticRoute", "/goform/fromSetFilterUrlFilter", and "/goform/fromSetFilterClientFilter", until a patch is available. Restrict access to these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.