Primary

Context

Edimax BR-6208AC Open Redirect Vulnerability in Web-Based Configuration Interface

Vulnerability

An open redirect vulnerability has been identified in the Edimax BR-6208AC router, specifically in versions 1.02 and 1.03. The issue arises in the web-based configuration interface, within the 'formALGSetup' function of the '/goform/formALGSetup' file. This vulnerability allows for the manipulation of the 'wlan-url' parameter, creating an open redirect. The flaw can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for open redirect, which can be used to conduct phishing attacks by redirecting users to malicious websites.

Remediation

Edimax has stated that the BR-6208AC V2 has reached its end-of-life status and is no longer supported or maintained. As such, no firmware updates or patches are available for this device. Users are advised to upgrade to newer models for better security.

Added: Dec 30, 2025, 6:43 PM

Updated: Dec 30, 2025, 6:43 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

7.4

remediation

0.0

relevance

1.8

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

7.4

remediation

0.0

relevance

1.8

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Edimax BR-6208AC Open Redirect Vulnerability in Web-Based Configuration Interface

Vulnerability

Impact

Remediation

Affected Products

Edimax BR-6208AC

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating