Edimax: Security Vulnerabilities
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel
CVSS Score
9.8
EPSS Score
0.094
Published
2025-04-04
CVE-2025-1316
Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device
Known exploited
CVSS Score
9.3
EPSS Score
0.723
Published
2025-03-05
A vulnerability was found in Edimax BR-6288ACL 1.30. It has been declared as problematic. This vulnerability affects unknown code of the file wireless5g_basic.asp. The manipulation of the argument SSID leads to cross site scripting. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.1
EPSS Score
0.004
Published
2025-02-24
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands, with "root" privileges.
CVSS Score
8.8
EPSS Score
0.022
Published
2025-01-27
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic.
CVSS Score
8.8
EPSS Score
0.004
Published
2025-01-27
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding.
CVSS Score
8.8
EPSS Score
0.004
Published
2025-01-27
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter.
CVSS Score
5.2
EPSS Score
0.003
Published
2025-01-27
In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands.
CVSS Score
8.8
EPSS Score
0.003
Published
2025-01-27
RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.
CVSS Score
9.8
EPSS Score
0.007
Published
2025-01-16
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.
CVSS Score
9.8
EPSS Score
0.056
Published
2025-01-16