Skip to main content

Edimax BR-6478AC CVE-2026-12808

| EUVDEUVD-2026-38194 LOW
Command Injection (CWE-77)
2026-06-21 VulDB GHSA-jjp3-xfgf-mr9p
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-accessible command injection requiring only low-privilege router credentials realistically yields full root shell access, warranting C:H/I:H/A:H rather than the reporter's Low ratings.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 22, 2026 - 06:45 vuln.today
Severity Changed
Jun 21, 2026 - 21:22 NVD
MEDIUM LOW
CVSS changed
Jun 21, 2026 - 21:22 NVD
5.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This manipulation of the argument interface causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Command injection in the Edimax BR-6478AC V2 router (firmware 1.23) allows authenticated remote attackers to execute arbitrary OS commands by manipulating the interface argument in POST requests to /goform/stainfo. No patch is available - Edimax did not respond to coordinated disclosure - and a public proof-of-concept exploit exists, making this a persistent, unmitigated risk on deployed devices. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain router web interface credentials
Delivery
Send crafted POST request to /goform/stainfo
Exploit
Inject shell metacharacters in `interface` parameter
Execution
Bypass absent input sanitization in stainfo handler
Impact
Execute arbitrary OS commands with router process privileges

Vulnerability AssessmentAI

Exploitation Exploitation requires low-privilege authenticated access (PR:L per the provided CVSS 4.0 vector) to the Edimax BR-6478AC V2 web management interface - specifically, the ability to submit POST requests to the `/goform/stainfo` endpoint with attacker-controlled values in the `interface` parameter. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N with VC:L/VI:L/VA:L) yields a score of 2.1 - a figure that conflicts sharply with the typical real-world impact of command injection on embedded Linux firmware, where full root shell access is the expected outcome. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained low-privilege authenticated access to the BR-6478AC V2 web management interface - either through default credentials, credential stuffing, or prior lateral movement - sends a crafted POST request to `/goform/stainfo` with a payload such as `interface=eth0;id;` or a reverse-shell command embedded via shell metacharacters in the `interface` parameter. The `stainfo` CGI handler passes the unsanitized value directly to a system call, executing arbitrary OS commands with the privileges of the web process (typically root on embedded Linux). …
Remediation No vendor-released patch has been identified at time of analysis - Edimax did not respond to coordinated disclosure and no fixed firmware version is known. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12808 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy