Skip to main content

Edimax BR-6478AC V2 EUVDEUVD-2026-38193

| CVE-2026-12807 LOW
Command Injection (CWE-77)
2026-06-21 VulDB GHSA-wj96-j9c9-gqpx
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.9 CRITICAL

Network-accessible admin interface, PR:L for required authentication, scope changes because router compromise enables network-level interception, and command injection yields full OS access.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 22, 2026 - 06:45 vuln.today
Severity Changed
Jun 21, 2026 - 21:22 NVD
MEDIUM LOW
CVSS changed
Jun 21, 2026 - 21:22 NVD
5.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The manipulation of the argument pppUserName/pptpUserName/L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Command injection in Edimax BR-6478AC V2 firmware 1.23 allows remote attackers with low-privileged web interface access to execute arbitrary OS commands by injecting shell metacharacters into WAN credential parameters submitted via POST to /goform/setWAN. A public proof-of-concept exploit is documented and available, the vendor did not respond to coordinated disclosure, and no patch exists - leaving only compensating controls as mitigation. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach router admin interface over network
Delivery
Authenticate with low-privileged or default credentials
Exploit
Craft POST request to /goform/setWAN
Execution
Inject shell metacharacters into pppUserName/pptpUserName/L2TPUserName
Persist
Trigger unsanitized system command execution
Impact
Achieve root-level OS control of router

Vulnerability AssessmentAI

Exploitation The attack requires network reachability to the router's web administration interface - typically HTTP on port 80 or 8080, accessible from the LAN by default and potentially from the WAN if remote management is enabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-provided CVSS 4.0 vector scores 2.1 (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P), which critically understates the realistic impact of OS command injection on embedded router firmware. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker on the same LAN - or reaching the admin interface through an exposed WAN management port - authenticates to the Edimax BR-6478AC V2 web interface with low-privileged or default credentials, then submits a crafted POST request to /goform/setWAN with a shell payload embedded in the pppUserName field (e.g., value containing a semicolon-separated command). The setWAN handler passes the unsanitized string to a system-level call, executing the injected command - likely as root given typical embedded firmware architecture. …
Remediation No vendor-released patch is available at time of analysis - the vendor did not respond to disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38193 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy