Edimax AC1200 Wave 2 Dual-Band Gigabit Router Command Injection Vulnerability Allowing Remote Code Execution

A command injection vulnerability has been identified in the Edimax AC1200 Wave 2 Dual-Band Gigabit Router, specifically in the BR-6478AC V3 model with firmware version 1.0.15. The vulnerability arises from the 'fota_url' parameter, which is not properly sanitized in the 'formLtefotaUpgradeQuectel' handler. This oversight allows remote authenticated attackers to execute arbitrary commands with root privileges on the affected device.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the router, with the executed commands running as the root user.

Reproduction

To reproduce this vulnerability, send a POST request to the '/boafrm/formLtefotaUpgradeQuectel' endpoint. Include the 'fota_url' parameter with a crafted value that exploits the command injection flaw, such as a command that writes to a file on the device. The command will be executed with root privileges, allowing for arbitrary code execution on the router.