CVE-2024-48419

HIGH

Edimax BR-6476AC 1.06 Authenticated Command Injection via tracerouteDiagnosis

Description

The Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from command injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd. Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands with "root" privileges.

Scores

CVSS v3: 8.8
EPSS: 0.0215
EPSS Percentile: 79.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-77
Status: published
Products (1): edimax/br-6476ac_firmware 1.06
Published: Jan 27, 2025
Tracked Since: Feb 18, 2026