EUVD-2026-31651
GHSA-pw48-m69f-6jgc
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Command injection in the Edimax BR-6478AC 1.23 wireless router's formAccept POST handler allows an authenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the submit-url argument at /goform/formAccept. A public proof-of-concept exploit is documented via a Notion writeup, lowering the bar for exploitation; the vendor did not respond to responsible disclosure, leaving no patch available. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The vulnerable endpoint /goform/formAccept is part of the router's standard web administration interface and is active by default - no special non-default configuration is required to expose the vulnerable code path. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 2.1 is notably low for a network-accessible command injection, driven entirely by all-Low confidentiality, integrity, and availability impact ratings (VC:L/VI:L/VA:L/SC:N/SI:N/SA:N) and the PR:L authenticated requirement - this creates a meaningful tension with the realistic severity of command injection on a router, which typically yields full device control. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privileged credentials to the Edimax BR-6478AC web interface - through credential stuffing, default password use, or prior compromise - sends a crafted HTTP POST request to /goform/formAccept with a submit-url value containing injected shell commands (e.g., submit-url=value;malicious_command). The router's CGI handler passes this unsanitized value to a system shell call, executing the attacker's commands with the firmware process's privileges. … |
| Remediation | No vendor-released patch has been identified at time of analysis - the vendor did not respond to the security researcher's disclosure, and no patched firmware version is referenced in any available source. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today