Primary

Context

Edimax AC1200 Wave 2 Dual-Band Gigabit Router Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A command injection vulnerability has been identified in the Edimax AC1200 Wave 2 Dual-Band Gigabit Router, specifically in the BR-6478AC V3 model with firmware version 1.0.15. The vulnerability arises because the 'systype' parameter is not properly sanitized in the 'formDiskFormat' handler, allowing remote authenticated attackers to execute arbitrary commands as root.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the device with root privileges.

Reproduction

To reproduce this vulnerability, send a POST request to '/boafrm/formDiskFormat' with the 'systype' parameter set to 'ext2' and the 'partition' parameter set to 'sda1/n echo 123 > /tmp/poc.txt'. This will execute the command 'echo 123' and write the output to a file named 'poc.txt' in the '/tmp' directory.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

7.1

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

7.1

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Edimax AC1200 Wave 2 Dual-Band Gigabit Router Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Reproduction

Affected Products

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating