In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of the user-provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands.
References
Link | Resource |
---|---|
http://edimax.com | Product |
https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48418.md | Exploit Third Party Advisory |
History
28 May 2025, 17:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:edimax:br-6476ac:-:*:*:*:*:*:*:* cpe:2.3:o:edimax:br-6476ac_firmware:1.06:*:*:*:*:*:*:* | |
First Time | Edimax br-6476ac Firmware; Edimax br-6476ac; Edimax | |
References | () http://edimax.com - Product | |
References | () https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48418.md - Exploit, Third Party Advisory |
28 Jan 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown v3 : 8.8 |
CWE | CWE-352 | |
Summary | | |
27 Jan 2025, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-01-27 17:15
Updated : 2025-05-28 17:53
NVD link : CVE-2024-48418
Mitre link : CVE-2024-48418
CVE.ORG link : CVE-2024-48418
Products Affected
edimax
- br-6476ac
- br-6476ac_firmware
CWE
CWE-352
Cross-Site Request Forgery (CSRF)