EUVD-2026-31593
GHSA-78xw-fxqw-mj3j
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A weakness has been identified in Edimax BR-6675nD 1.12. This impacts the function formWpsStart of the file /goform/formWpsStart of the component POST Request Handler. This manipulation of the argument pinCode causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Command injection in the Edimax BR-6675nD 1.12 router's WPS start handler allows remote attackers with low-privilege authentication to execute arbitrary OS-level commands by supplying unsanitized shell metacharacters in the pinCode POST parameter of /goform/formWpsStart. Publicly available exploit code exists, confirmed via a Notion-hosted proof-of-concept referenced in VulDB reporting. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two prerequisites: network reachability to the router's web management interface, and low-privilege authentication (PR:L per the CVSS 4.0 vector) - meaning the attacker must possess valid credentials, which could be default factory credentials (common on consumer routers), weak user-set passwords, or credentials obtained through a prior compromise. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 2.1 (Low severity) is driven by modest impact metrics - Vulnerable System Confidentiality, Integrity, and Availability are all rated Low (VC:L/VI:L/VA:L), with no impact on subsequent systems (SC:N/SI:N/SA:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker on the same network - or externally if the management interface is WAN-exposed - authenticates to the Edimax BR-6675nD web interface using default or weak credentials to satisfy the low-privilege requirement, then submits a crafted POST request to /goform/formWpsStart with a pinCode value containing shell metacharacters (e.g., semicolons or backticks). The firmware's formWpsStart function passes this value unsanitized to a shell interpreter, executing the attacker's injected commands with the privileges of the web server process. … |
| Remediation | No vendor-released patch has been identified at time of analysis; the vendor was contacted prior to public disclosure and did not respond. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today