Br 6208Ac
Monthly
Buffer overflow in Edimax BR-6208AC router firmware version 1.02 allows authenticated remote attackers to achieve complete system compromise via crafted pptpDfGateway parameter to /goform/setWAN endpoint. Public exploit code exists (EPSS probability unknown, not in CISA KEV). The vendor was notified but did not respond, leaving users without official remediation guidance. Attack requires only low-privilege authentication (PR:L) with network access and low complexity (AC:L), making this readily exploitable against internet-exposed management interfaces.
Command injection in Edimax BR-6208AC 1.02 allows authenticated remote attackers to execute arbitrary system commands via the L2TPUserName parameter in the /goform/setWAN endpoint when L2TP Mode is configured. The vulnerability requires valid credentials but carries moderate risk (CVSS 6.3) with publicly available exploit code and vendor non-responsiveness to disclosure.
Buffer overflow in Edimax BR-6208AC router firmware version 1.02 allows authenticated remote attackers to achieve complete system compromise via crafted pptpDfGateway parameter to /goform/setWAN endpoint. Public exploit code exists (EPSS probability unknown, not in CISA KEV). The vendor was notified but did not respond, leaving users without official remediation guidance. Attack requires only low-privilege authentication (PR:L) with network access and low complexity (AC:L), making this readily exploitable against internet-exposed management interfaces.
Command injection in Edimax BR-6208AC 1.02 allows authenticated remote attackers to execute arbitrary system commands via the L2TPUserName parameter in the /goform/setWAN endpoint when L2TP Mode is configured. The vulnerability requires valid credentials but carries moderate risk (CVSS 6.3) with publicly available exploit code and vendor non-responsiveness to disclosure.