EDIMAX BR-6428nS V3 Command Injection Vulnerability

A command injection vulnerability has been identified in the EDIMAX BR-6428nS V3 router, specifically in firmware version 1.15. This vulnerability allows authenticated attackers with network access to execute arbitrary system commands on the device. The issue arises from inadequate input validation in the WLAN configuration feature of the web-based management interface. By injecting crafted input that includes shell metacharacters into vulnerable parameters, an authenticated user can manipulate the router's internal operating system commands. Exploitation of this vulnerability could lead to unauthorized modifications of device settings, disruption of network services, or unauthorized persistent access to the router.

Impact

Exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary commands on the router's operating system, potentially leading to unauthorized changes in device configuration, disruption of network services, or persistent access to the router.