CVE-2024-48418

HIGH

Edimax BR-6476AC 1.06 - OS Command Injection via DDNS Configuration

Title source: llm

Description

In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands.

References (2)

Core 2

Core References

Product

http://edimax.com

Exploit, Third Party Advisory

https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48418.md

View Exploit ZIP pw:eip

Scores

CVSS v3 8.8

EPSS 0.0030

EPSS Percentile 21.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-352

Status published

Products (1)

edimax/br-6476ac_firmware 1.06

Published Jan 27, 2025

Tracked Since Feb 18, 2026