Skip to main content

Edimax BR-6208AC CVE-2026-7682

| EUVDEUVD-2026-26820 LOW
Command Injection (CWE-77)
2026-05-03 VulDB
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Severity Changed
May 03, 2026 - 07:22 NVD
MEDIUM LOW
CVSS changed
May 03, 2026 - 07:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
PoC Detected
May 03, 2026 - 07:16 vuln.today
Public exploit code
Analysis Generated
May 03, 2026 - 06:45 vuln.today
EUVD ID Assigned
May 03, 2026 - 06:30 euvd
EUVD-2026-26820
Analysis Generated
May 03, 2026 - 06:30 vuln.today
CVE Published
May 03, 2026 - 06:15 nvd
LOW 2.1

DescriptionCVE.org

A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Command injection in Edimax BR-6208AC 1.02 allows authenticated remote attackers to execute arbitrary system commands via the L2TPUserName parameter in the /goform/setWAN endpoint when L2TP Mode is configured. The vulnerability requires valid credentials but carries moderate risk (CVSS 6.3) with publicly available exploit code and vendor non-responsiveness to disclosure.

Technical ContextAI

The BR-6208AC is a wireless router that implements WAN configuration functionality through the setWAN web interface handler. The vulnerability exists in the L2TP Mode feature, where the L2TPUserName parameter is processed by the setWAN function without proper input sanitization before being used in system command execution contexts. This is a classic command injection flaw (CWE-77: Improper Neutralization of Special Elements used in a Command) where user-supplied input containing shell metacharacters (e.g., semicolons, pipes, backticks) can escape the intended command context and execute arbitrary shell commands with the privileges of the web service process. The affected CPE indicates all versions of the BR-6208AC firmware are potentially vulnerable, though version 1.02 is explicitly confirmed.

RemediationAI

No vendor-released patch has been identified at time of analysis, as Edimax did not respond to early disclosure. Immediate remediation options are limited: disable L2TP Mode if not required in production environments, or restrict administrative access to the router's web interface through network segmentation (e.g., limit administrative traffic to trusted management networks only, disable remote management features if enabled, implement IP-based access control lists on the WAN interface). If the router must be internet-accessible, isolate it behind a reverse proxy or WAF configured to block requests containing shell metacharacters in the L2TPUserName parameter. Monitor for firmware updates from Edimax at their official support website. If the vendor does not provide a patch within a reasonable timeframe, consider replacing the device with a model from a vendor demonstrating active security support.

Share

CVE-2026-7682 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy