Edimax BR-6208AC Path Traversal Vulnerability in FTP Daemon Service

Vulnerability

A path traversal vulnerability has been identified in the Edimax BR-6208AC router running firmware version 1.02. The issue resides in the FTP daemon service, specifically within the handle_retr function, which improperly validates user-supplied file paths. This flaw allows authenticated attackers to read arbitrary files from the device's filesystem, potentially exposing sensitive information such as configuration files, passwords, and system details. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for unauthorized reading of files from the device's filesystem, which could include sensitive information such as configuration files and passwords.

Remediation

Users are advised to disable the FTP service on the Edimax BR-6208AC router to mitigate the risks associated with this vulnerability. For those seeking to upgrade, newer, supported models are recommended.

Added: Dec 19, 2025, 2:23 AM
Updated: Dec 19, 2025, 2:23 AM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 6.2
remediation: 7.9
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.