Br 6228Nc
Monthly
Command injection in Edimax BR-6228NC version 1.22 allows authenticated remote attackers to execute arbitrary OS commands by manipulating the 'command' parameter in POST requests to /goform/mp endpoint. Public exploit code exists, increasing exploitation risk despite requiring low-privilege authentication. EPSS data not available, but the presence of working exploit demonstrates confirmed weaponization. Vendor has not responded to disclosure and no patch has been announced.
Command injection in Edimax BR-6228NC version 1.22 allows authenticated remote attackers to execute arbitrary OS commands by manipulating the 'command' parameter in POST requests to /goform/mp endpoint. Public exploit code exists, increasing exploitation risk despite requiring low-privilege authentication. EPSS data not available, but the presence of working exploit demonstrates confirmed weaponization. Vendor has not responded to disclosure and no patch has been announced.