Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Command injection in Edimax BR-6228NC version 1.22 allows authenticated remote attackers to execute arbitrary OS commands by manipulating the 'command' parameter in POST requests to /goform/mp endpoint. Public exploit code exists, increasing exploitation risk despite requiring low-privilege authentication. EPSS data not available, but the presence of working exploit demonstrates confirmed weaponization. Vendor has not responded to disclosure and no patch has been announced.
Technical ContextAI
This vulnerability affects the BR-6228NC wireless broadband router's web management interface, specifically the 'mp' function within the POST request handler at /goform/mp. The flaw is rooted in CWE-77 (Command Injection), where user-controlled input in the 'command' parameter is passed to a system command interpreter without proper sanitization or validation. The affected device runs embedded firmware common to consumer-grade network equipment, where web interfaces often execute shell commands for configuration tasks. The CPE identifier cpe:2.3:a:edimax:br-6228nc:*:*:*:*:*:*:*:* confirms this is a product-level vulnerability affecting the device firmware rather than a specific software component.
RemediationAI
No vendor-released patch exists at time of analysis - Edimax has not responded to vulnerability disclosure per VulDB report. Primary recommendation is device replacement with actively supported hardware from vendors with established security response programs. If replacement is not immediately feasible, implement network-level compensating controls: isolate BR-6228NC devices on separate management VLANs inaccessible from untrusted networks, disable remote administration features entirely if not operationally required (side effect: loss of remote management capability), enforce strong unique passwords and disable default credentials (limits but does not eliminate risk from lateral movement post-compromise), and deploy intrusion detection signatures to monitor for POST requests to /goform/mp with suspicious command parameters. These mitigations reduce attack surface but do not remediate the underlying vulnerability. Additional resources: VulDB entry https://vuldb.com/vuln/364399 and technical writeup https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6228NC-mp-34b53a41781f80db8aaed24e43ea24b9.
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30723
GHSA-gggg-9f43-93h7