PT-2026-1955 · Edimax · Edimax Br-6208Ac
Published
2026-01-09
·
Updated
2026-01-12
·
CVE-2025-70161
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
EDIMAX BR-6208AC version V2 1.02
Description
The EDIMAX BR-6208AC version V2 1.02 is susceptible to Command Injection. The issue occurs because the
pppUserName field is passed directly to a shell command using the system() function without sufficient input validation. An attacker can exploit this by injecting malicious commands into the pppUserName field, potentially leading to arbitrary code execution.Recommendations
Update to a newer version that contains a fix for this vulnerability.
Exploit
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Edimax Br-6208Ac