Command Injection Flaw in Edimax AC1200 Wi-Fi Router
CVE-2024-48418
8.8 HIGH
What is CVE-2024-48418?
The Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC, version 1.06, contains a command injection flaw in its handling of the /goform/fromSetDDNS request. The flaw arises from improper handling of special characters in user-provided parameters, which lets an unauthorized user with access to the router's web interface inject and execute arbitrary shell commands. This poses significant risk, as it could lead to unauthorized system access and control over the router's functionality.
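The class of fix for this root cause is allowlist validation of the parameter plus passing it as a separate argument rather than through a shell. The following is an added example, not Edimax firmware code and not taken from the advisory; the function names, the idea that the affected field is a DDNS host name, and the `/usr/sbin/ddns-client` path and `--host` flag are hypothetical placeholders.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: accept only RFC 1123 style host names
 * (labels of letters, digits and '-', separated by '.').
 * Everything else, including every shell metacharacter, is rejected. */
int ddns_host_is_valid(const char *s)
{
    size_t len, label = 0;

    if (s == NULL || (len = strlen(s)) == 0 || len > 253)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            /* no empty label, no label ending in '-' */
            if (label == 0 || s[i - 1] == '-')
                return 0;
            label = 0;
        } else if (isalnum(c) || (c == '-' && label > 0)) {
            if (++label > 63)
                return 0;
        } else {
            return 0;   /* ';', '|', '`', '$', space, quotes, ... */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Hypothetical helper: fill an argv[] for execv() so the value travels
 * as one argument and is never parsed by /bin/sh. Returns the argument
 * count, or -1 if the value fails validation. */
int ddns_build_argv(const char *host, const char *argv[4])
{
    if (!ddns_host_is_valid(host))
        return -1;
    argv[0] = "/usr/sbin/ddns-client";   /* placeholder path */
    argv[1] = "--host";                  /* placeholder flag */
    argv[2] = host;
    argv[3] = NULL;
    return 3;
}
```

Validation and shell avoidance are independent layers: either one alone blocks metacharacter injection through this field, and using both means a gap in the allowlist does not reach a shell.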