EUVD-2026-33470
GHSA-2rjv-9xvw-8pvv
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
AnalysisAI
Authenticated command injection in Edimax BR-6478AC 1.23 firmware allows network-adjacent attackers with low-privilege credentials to execute arbitrary OS commands via the rootAPmac parameter in the formStaDrvSetup POST handler at /goform/formStaDrvSetup. The CVSS temporal vector confirms a public proof-of-concept (E:P) with reasonable confidence in the report (RC:R), while remediation level remains undefined (RL:X), indicating no vendor patch has been publicly acknowledged. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network access to the router's web administration interface (AV:N per CVSS) and low-privilege authentication (PR:L per CVSS) - the attacker must supply valid credentials to the device's HTTP-based management panel before reaching the vulnerable endpoint. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 6.3 medium score reflects a meaningful but bounded attack surface: network reachable (AV:N), low complexity (AC:L), no user interaction required (UI:N), but requiring low-privilege authentication (PR:L), and with only partial impact across confidentiality, integrity, and availability (C:L/I:L/A:L, S:U). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privilege credentials to the Edimax BR-6478AC admin interface - through default credential use, credential stuffing, or phishing - sends a crafted HTTP POST request to /goform/formStaDrvSetup with the rootAPmac parameter containing shell metacharacters and injected commands (e.g., rootAPmac=AA:BB:CC:DD:EE:FF;id). The router's CGI handler passes the unsanitized value directly to an OS command, executing the injected payload with the privileges of the web server process, commonly root on embedded Linux devices. … |
| Remediation | No vendor-released patch has been identified at time of analysis - the CVSS remediation level RL:X and absence of any Edimax advisory confirm this. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today