Edimax AC1200 Wi-Fi 5 Dual-Band Router Command Injection Vulnerability
Vulnerability
A command injection vulnerability has been identified in the Edimax AC1200 Wi-Fi 5 Dual-Band Router model BR-6476AC, specifically in firmware version 1.06. The vulnerability resides in the binary application '/bin/goahead' and can be exploited through the web interface pages '/goform/tracerouteDiagnosis', '/goform/pingDiagnosis', and '/goform/fromSysToolPingCmd'. This issue allows attackers to inject and execute arbitrary shell commands with root privileges. Additionally, the absence of anti-CSRF mechanisms enables potential remote exploitation using CSRF techniques.
Impact
Exploitation of this vulnerability allows for arbitrary command execution with root privileges on the affected router.
Reproduction
To reproduce this vulnerability, access the web interface of the Edimax AC1200 BR-6476AC router running firmware 1.06. Navigate to one of the vulnerable diagnosis pages: '/goform/tracerouteDiagnosis', '/goform/pingDiagnosis', or '/goform/fromSysToolPingCmd'. Inject a payload that includes the desired shell command. When the payload is processed, the command runs on the router's operating system with root privileges. As a result, a new webpage can be created on the router, demonstrating successful exploitation.
