Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible command injection requiring only low-privilege router credentials realistically yields full root shell access, warranting C:H/I:H/A:H rather than the reporter's Low ratings.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This manipulation of the argument interface causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Command injection in the Edimax BR-6478AC V2 router (firmware 1.23) allows authenticated remote attackers to execute arbitrary OS commands by manipulating the interface argument in POST requests to /goform/stainfo. No patch is available - Edimax did not respond to coordinated disclosure - and a public proof-of-concept exploit exists, making this a persistent, unmitigated risk on deployed devices. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires low-privilege authenticated access (PR:L per the provided CVSS 4.0 vector) to the Edimax BR-6478AC V2 web management interface - specifically, the ability to submit POST requests to the `/goform/stainfo` endpoint with attacker-controlled values in the `interface` parameter. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N with VC:L/VI:L/VA:L) yields a score of 2.1 - a figure that conflicts sharply with the typical real-world impact of command injection on embedded Linux firmware, where full root shell access is the expected outcome. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privilege authenticated access to the BR-6478AC V2 web management interface - either through default credentials, credential stuffing, or prior lateral movement - sends a crafted POST request to `/goform/stainfo` with a payload such as `interface=eth0;id;` or a reverse-shell command embedded via shell metacharacters in the `interface` parameter. The `stainfo` CGI handler passes the unsanitized value directly to a system call, executing arbitrary OS commands with the privileges of the web process (typically root on embedded Linux). … |
| Remediation | No vendor-released patch has been identified at time of analysis - Edimax did not respond to coordinated disclosure and no fixed firmware version is known. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Br 6478Ac V2
View allStack/heap buffer overflow in the Edimax BR-6478AC V2 wireless router (firmware 1.23) lets an authenticated attacker cor
Command injection in the Edimax BR-6478AC V2 router (firmware 1.23) allows network-adjacent authenticated attackers to e
Command injection in Edimax BR-6478AC V2 firmware 1.23 allows remote attackers with low-privilege credentials to execute
Command injection in Edimax BR-6478AC V2 firmware 1.23 allows remote attackers with low-privileged web interface access
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38194
GHSA-jjp3-xfgf-mr9p