Edimax AC1200 Wave 2 Dual-Band Gigabit Router Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A command injection vulnerability has been identified in the Edimax AC1200 Wave 2 Dual-Band Gigabit Router, specifically in the BR-6478AC V3 firmware version 1.0.15. The vulnerability arises from the 'foldername' parameter in the '/boafrm/formDiskCreateShare' handler, where unsanitized input allows for arbitrary command execution on the router's operating system.
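The defensive counterpart to the description above is an allowlist check on the share name plus a log review that flags requests to the handler whose 'foldername' value would fail that check. The following Python is an added example, not code from the advisory or from Edimax: the handler path and parameter name come from the page, while the log line format, the sample lines, the allowlist pattern and the function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qs

VULN_HANDLER = "/boafrm/formDiskCreateShare"   # handler named in the advisory
VULN_PARAM = "foldername"                      # parameter named in the advisory

# Assumed allowlist for a share name: letters, digits, space, dot, dash,
# underscore, 1 to 64 characters. Shell metacharacters, quotes and path
# separators are rejected outright instead of being escaped.
SAFE_NAME = re.compile(r"[A-Za-z0-9 ._-]{1,64}")


def is_safe_share_name(name: str) -> bool:
    """Validation a hardened handler would apply before the name reaches any command."""
    return SAFE_NAME.fullmatch(name) is not None


# Constructed log format (assumption): METHOD PATH body="<urlencoded form body>"
LOG_LINE = re.compile(r'^(?P<method>\S+) (?P<path>\S+) body="(?P<body>[^"]*)"$')


def foldername_from_body(body: str):
    """Return the decoded foldername value, or None when the parameter is absent."""
    params = parse_qs(body, keep_blank_values=True)
    values = params.get(VULN_PARAM)
    return values[0] if values else None


def flagged_requests(log_lines):
    """Return (line_number, value) for POSTs to the handler whose foldername fails the allowlist."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        m = LOG_LINE.match(line)
        if not m or m.group("method") != "POST" or m.group("path") != VULN_HANDLER:
            continue  # only form submissions to the affected handler matter here
        name = foldername_from_body(m.group("body"))
        if name is None:
            continue  # parameter not present: nothing to validate
        if not is_safe_share_name(name):
            hits.append((lineno, name))
    return hits


# Constructed sample log; the second and third lines carry shell metacharacters,
# the fourth an empty name, the last two are unrelated or non-POST requests.
SAMPLE_LOG = [
    'POST /boafrm/formDiskCreateShare body="foldername=family_photos&submit=Apply"',
    'POST /boafrm/formDiskCreateShare body="foldername=docs%3Bsome_command&submit=Apply"',
    'POST /boafrm/formDiskCreateShare body="foldername=backup%24%28other%29&submit=Apply"',
    'POST /boafrm/formDiskCreateShare body="foldername=&submit=Apply"',
    'POST /boafrm/formLogin body="username=admin"',
    'GET /boafrm/formDiskCreateShare body=""',
]

if __name__ == "__main__":
    for lineno, value in flagged_requests(SAMPLE_LOG):
        print(f"line {lineno}: {VULN_PARAM}={value!r} fails the allowlist")
```

The allowlist is deliberately strict: rejecting anything outside a small character set is simpler to reason about than trying to escape every shell metacharacter, and the same predicate serves both as the handler-side fix and as the log-side detection rule. A real deployment would read the router's own access logs, whose format will differ from the constructed one here.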

Impact

Exploitation of this vulnerability allows remote authenticated attackers to execute arbitrary commands with root privileges on the affected router.

Reproduction

To reproduce this vulnerability, first create a user account on the router. Then, send a POST request to '/boafrm/formDiskCreateShare' with the 'foldername' parameter containing the crafted payload. The injected command will be executed on the router, and the results can be verified by checking for the creation of a file in the '/tmp' directory.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 7.1
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.