Severity by source
CVSS vector (NVD, primary rating; only source for this CVE):
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (CVE.org)
A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing a manipulation of the argument rootAPmac results in command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI-generated)
Command injection in Edimax BR-6478AC 1.23 exposes the router's web management interface to remote exploitation via a crafted POST request targeting the formiNICbasic endpoint. The rootAPmac parameter - likely used for wireless bridging MAC address configuration - is passed unsanitized to a system-level command, allowing an authenticated attacker with low privileges to inject arbitrary OS commands. …
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires low-privilege authenticated access to the router's web management interface, as confirmed by PR:L in the CVSS 4.0 vector: an attacker must possess valid credentials before the vulnerable endpoint can be reached. … |
| Risk Assessment | The CVSS 4.0 score of 2.1 appears low, driven entirely by the limited impact metrics: all confidentiality, integrity, and availability impacts on the vulnerable system are rated Low, with no scope change to subsequent systems (SC:N/SI:N/SA:N). … |
| Exploit Scenario | An attacker with valid low-privilege credentials to the Edimax BR-6478AC web management interface sends a crafted HTTP POST request to /goform/formiNICbasic, inserting shell metacharacters (e.g., a semicolon followed by a command) into the rootAPmac parameter value. The router's formiNICbasic function passes this unsanitized input to an OS-level command, executing the injected payload in the device's shell context. … |
| Remediation | No vendor-released patch is available at time of analysis; Edimax did not respond to the researcher's disclosure attempt. … |
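The defect class described above is a web-form parameter reaching a shell command line unvalidated. The following is an added illustration, not Edimax firmware code and not derived from it: a hypothetical handler shows the unsafe pattern (the parameter spliced into a string destined for `system()`) beside a hardened replacement that enforces a strict MAC-address syntax and then runs a placeholder helper (`/sbin/bridge_cfg`, assumed name) through `execv()` with an argument array, so no shell ever parses the value. The `rootAPmac` sample values are constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Strict syntactic check for a MAC address: exactly six two-digit hex
 * octets separated by ':' (17 characters). Anything else, including a
 * trailing ";command", is rejected before it can reach a command. */
bool is_valid_mac(const char *s) {
    if (s == NULL || strlen(s) != 17) return false;
    for (int i = 0; i < 17; i++) {
        if (i % 3 == 2) {
            if (s[i] != ':') return false;
        } else if (!isxdigit((unsigned char)s[i])) {
            return false;
        }
    }
    return true;
}

/* True if the string contains characters a POSIX shell would interpret. */
bool command_has_shell_metachar(const char *cmd) {
    return strpbrk(cmd, ";|&`$()<>\n") != NULL;
}

/* UNSAFE pattern (for contrast only): the untrusted parameter is formatted
 * straight into a command line. The string is returned, never executed. */
int build_unsafe_command(char *out, size_t outlen, const char *rootapmac) {
    /* "/sbin/bridge_cfg" is a hypothetical helper name. */
    return snprintf(out, outlen, "/sbin/bridge_cfg --mac=%s", rootapmac);
}

/* Convenience for the demonstration: does the unsafe builder produce a
 * command line that a shell would split into more than one command? */
bool unsafe_command_is_dangerous(const char *rootapmac) {
    char cmd[256];
    build_unsafe_command(cmd, sizeof cmd, rootapmac);
    return command_has_shell_metachar(cmd);
}

/* HARDENED pattern: validate, then execute without a shell. Returns -1 if
 * the input is rejected, 0 if accepted (and, when do_exec is true, the
 * helper's exit status instead of 0). */
int set_root_ap_mac(const char *rootapmac, bool do_exec) {
    if (!is_valid_mac(rootapmac)) return -1;

    char arg[32];
    snprintf(arg, sizeof arg, "--mac=%s", rootapmac);
    char *argv[] = {"/sbin/bridge_cfg", arg, NULL}; /* hypothetical helper */

    if (!do_exec) return 0; /* dry run for the demonstration below */

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* execv passes argv verbatim; the MAC is one argument, never parsed. */
        execv(argv[0], argv);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    const char *benign = "00:11:22:33:44:55";      /* constructed sample */
    const char *tainted = "00:11:22:33:44:55;id";  /* constructed sample */

    printf("unsafe builder, benign input dangerous? %d\n", unsafe_command_is_dangerous(benign));
    printf("unsafe builder, tainted input dangerous? %d\n", unsafe_command_is_dangerous(tainted));
    printf("hardened, benign input accepted (0=yes): %d\n", set_root_ap_mac(benign, false));
    printf("hardened, tainted input accepted (-1=rejected): %d\n", set_root_ap_mac(tainted, false));
    return 0;
}
```

The validation is an allow-list on the exact expected shape rather than a deny-list of metacharacters; combined with `execv()` it removes the shell from the path entirely, which is the compensating control to look for in any firmware CGI handler that turns form fields into system commands.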
Related identifiers
EUVD-2026-31652
GHSA-56x4-p9v5-x925