Command Injection Vulnerability in RE11S Product by Edimax
CVE-2025-22906

9.8CRITICAL

Key Information:

Vendor: Edimax
Status: RE11S
Vendor: CVE Published:; 16 January 2025

Summary

A command injection vulnerability has been identified in the RE11S product version 1.11, allowing attackers to exploit the L2TPUserName parameter at the /goform/setWAN endpoint. This flaw could potentially enable unauthorized command execution on the affected device, compromising its integrity and exposing sensitive information. Users of RE11S v1.11 should assess their security measures and apply necessary patches to mitigate risks associated with this vulnerability.

References

https://www.edimax.com/edimax/global/

http://re11s.com

https://github.com/xyqer1/RE11S_1.11-setWAN-CommandInjection

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 9, 2025