Edimax BR-6428NS POST Request formWlanM system command injection
Description
A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P can lead to command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Affected products
1- Range: =1.10
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- lavender-bicycle-a5a.notion.site/EDIMAX-BR-6428NS-formWlanMP-34b53a41781f808fb207ce3f297db80bmitreexploit
- vuldb.com/submit/811535mitrethird-party-advisory
- vuldb.com/vuln/365243mitrevdb-entrytechnical-description
- vuldb.com/vuln/365243/ctimitresignaturepermissions-required
News mentions
0No linked articles in our index yet.