Skip to main content

Edimax BR-6478AC V2 CVE-2026-12809

| EUVDEUVD-2026-38195 LOW
Command Injection (CWE-77)
2026-06-21 VulDB GHSA-fqw2-w9cp-ggvm
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-accessible endpoint requires low-privilege auth; command injection yields full OS-level access so C/I/A all High.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 22, 2026 - 06:46 vuln.today
Severity Changed
Jun 21, 2026 - 22:37 NVD
MEDIUM LOW
CVSS changed
Jun 21, 2026 - 22:37 NVD
5.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz_5in1_redirect of the file /goform/wiz_5in1_redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Command injection in Edimax BR-6478AC V2 firmware 1.23 allows remote attackers with low-privilege credentials to execute arbitrary OS commands by embedding shell metacharacters in the newpass argument of POST requests to the /goform/wiz_5in1_redirect endpoint. A public proof-of-concept exploit exists and is referenced in the VulDB disclosure, making this straightforwardly reproducible. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain or guess low-privilege credentials
Delivery
Authenticate to management web interface
Exploit
Send crafted POST to /goform/wiz_5in1_redirect
Execution
Inject shell metacharacters in newpass parameter
Persist
Firmware passes input unsanitized to OS shell
Impact
Execute arbitrary commands on router

Vulnerability AssessmentAI

Exploitation Exploitation requires two concrete prerequisites: (1) network-level access to the Edimax BR-6478AC V2 web management interface - if the interface is only accessible from the LAN, exploitation is limited to internal attackers or devices already on the local network; and (2) valid low-privilege credentials for the management interface (PR:L per the CVSS 4.0 vector), meaning a successful login session must be established before the malicious POST request can be submitted to `/goform/wiz_5in1_redirect`. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 4.0 score of 2.1 with impact metrics VC:L/VI:L/VA:L is notably and unusually conservative for a command injection vulnerability - this assessment appears to undervalue the realistic impact of arbitrary OS command execution on a network gateway device. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained low-privilege credentials to the Edimax BR-6478AC V2 management interface - whether through credential stuffing, default password use, or prior phishing - sends a crafted HTTP POST request to `/goform/wiz_5in1_redirect` with a payload such as `newpass=password;id;` or similar shell-injection syntax. The router's CGI handler passes the unsanitized `newpass` value to a system shell call, executing the injected command in the context of the web server process. …
Remediation No vendor-released patch has been identified at time of analysis - the vendor did not respond to coordinated disclosure, leaving no official fix available. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12809 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy