Insufficient Compartmentalization in Edimax BR-6208AC V1 Devices
CVE-2019-13271

8.8HIGH

Key Information:

Vendor

Edimax

Status
Br-6208ac V1 Firmware
Vendor
CVE Published:
27 August 2019

What is CVE-2019-13271?

The Edimax BR-6208AC V1 devices exhibit a significant security flaw due to inadequate separation between host and guest networks. This vulnerability allows ARP requests to be forwarded without restriction between the networks, enabling potential data leakage. Attackers can exploit this flaw by sending ARP requests to devices on the network, which may allow them to intercept sensitive information or establish a covert communication channel. Unlike routers that appropriately limit ARP forwarding to a network's subnet, the affected devices fail to enforce such restrictions, amplifying the risk of unauthorized access and information exposure.

References

https://orenlab.sise.bgu.ac.il/publications/CrossRouter
x_refsource_MISC
https://www.usenix.org/system/files/woot19-paper_ovadia.pdf
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.