Command Injection Vulnerability in Edimax Wireless Router N300 Firmware
CVE-2023-31983

9.8CRITICAL

Key Information:

Vendor: Edimax
Status: Br-6428ns Firmware
Vendor: CVE Published:; 12 May 2023

What is CVE-2023-31983?

A significant command injection vulnerability exists in the Edimax Wireless Router N300 firmware, specifically in the mp function of the /bin/webs component. This flaw enables attackers to execute arbitrary code on the device, potentially compromising the integrity and confidentiality of the network. Without effective safeguards, unauthorized users can exploit this vulnerability to manipulate system commands, leading to unauthorized access and control over the affected router.

References

https://github.com/Erebua/CVE/blob/main/N300_BR-6428nS%20...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2023
Vulnerability Reserved
Apr 29, 2023