Command Injection Vulnerability in Edimax Wireless Router N300 Firmware
CVE-2022-45768

8.8HIGH

Key Information:

Vendor: Edimax
Status: Br-6428ns Firmware
Vendor: CVE Published:; 7 February 2023

What is CVE-2022-45768?

A command injection vulnerability exists in the Edimax Technology Co., Ltd. Wireless Router N300 Firmware BR428nS v3. This flaw enables attackers to exploit the formWlanMP function, potentially allowing them to execute arbitrary code on the device. Successful exploitation may lead to unauthorized access and control over the router, posing significant security risks to users.

References

https://www.lovesandy.cc/2022/11/20/EDIMAX%E6%BC%8F%E6%B4...

https://github.com/Erebua/CVE/blob/main/Edimax.md

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2023
Vulnerability Reserved
Nov 21, 2022