Command Injection Vulnerability in EDIMAX BR-6208AC by EDIMAX
CVE-2025-70161

Currently unrated

Key Information:

Vendor: EDIMAX
Status: BR-6208AC
Vendor: CVE Published:; 9 January 2026

What is CVE-2025-70161?

The EDIMAX BR-6208AC V2_1.02 is exposed to a command injection vulnerability due to inadequate input sanitization of the pppUserName field, which is directly executed in a shell command via the system() function. This flaw allows attackers to inject malicious commands, potentially leading to unauthorized access and code execution, compromising the integrity and security of the device.

References

https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Com...

Timeline

Vulnerability published
Jan 9, 2026
Vulnerability Reserved
Jan 9, 2026

JSON