Insufficient Compartmentalization in Edimax BR-6208AC V1 Devices
CVE-2019-13271

8.8HIGH

Key Information:

Vendor: Edimax
Status: Br-6208ac V1 Firmware
Vendor: CVE Published:; 27 August 2019

What is CVE-2019-13271?

The Edimax BR-6208AC V1 devices exhibit a significant security flaw due to inadequate separation between host and guest networks. This vulnerability allows ARP requests to be forwarded without restriction between the networks, enabling potential data leakage. Attackers can exploit this flaw by sending ARP requests to devices on the network, which may allow them to intercept sensitive information or establish a covert communication channel. Unlike routers that appropriately limit ARP forwarding to a network's subnet, the affected devices fail to enforce such restrictions, amplifying the risk of unauthorized access and information exposure.

References

https://orenlab.sise.bgu.ac.il/publications/CrossRouter

x_refsource_MISC

https://www.usenix.org/system/files/woot19-paper_ovadia.pdf

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 27, 2019
Vulnerability Reserved
Jul 4, 2019