OS Command Injection Vulnerability in Edimax EW-7438RPn Firmware
CVE-2025-34024
9.4CRITICAL
What is CVE-2025-34024?
An OS command injection vulnerability is present in the Edimax EW-7438RPn firmware. This issue arises from improper handling of user input in the mp.asp form handler, specifically through the /goform/mp endpoint. An authenticated attacker can exploit this vulnerability by injecting shell metacharacters into the command parameter, leading to arbitrary command execution with root privileges. This flaw poses significant security risks, enabling unauthorized access and control over the device.
Affected Version(s)
Edimax EW-7438RPn Mini 0 <= 1.13
References
CVSS V4
Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Besim Altinok