Edimax BR-6208AC Command Injection Vulnerability in Web-Based Configuration Interface

A command injection vulnerability has been identified in the Edimax BR-6208AC router, specifically in versions 1.02 and 1.03. The issue arises in the web-based configuration interface, within the 'formStaDrvSetup' function of the '/goform/formStaDrvSetup' file. The vulnerability is triggered by manipulating the 'rootAPmac' argument, which allows remote, unauthenticated attackers to inject arbitrary commands into the device's operating system. This exploitation is possible due to inadequate input validation and sanitization of user-supplied data, enabling the injection of malicious commands that could be executed on the device.

Impact

Exploitation of this vulnerability allows for command injection, where an attacker can execute arbitrary commands on the device's operating system. This could lead to remote code execution, privilege escalation, or other malicious activities.