CVE-2025-22912

CRITICAL

Edimax RE11S v1.11 - OS Command Injection via formAccept Component

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-22912. PoCs published by passwa11.

AI-analyzed exploit summary This repository contains a working proof-of-concept for a command injection vulnerability in the RE11S_1.11 router. The exploit targets the formAccept function via the submit-url parameter, allowing arbitrary command execution.

Description

RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.

Exploits (1)

nomisec WORKING POC

by passwa11 · poc

https://github.com/passwa11/RE11S_1.11-formAccept-CommandInjection

View Code ZIP pw:eip

This repository contains a working proof-of-concept for a command injection vulnerability in the RE11S_1.11 router. The exploit targets the formAccept function via the submit-url parameter, allowing arbitrary command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: RE11S_1.11 router

No auth needed

Prerequisites: Network access to the router's web interface · Router running RE11S_1.11 firmware

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Broken Link, Not Applicable

http://re11s.com

Exploit, Third Party Advisory

https://github.com/xyqer1/RE11S_1.11-formAccept-CommandInjection

Product

https://www.edimax.com/edimax/global/

Scores

CVSS v3 9.8

EPSS 0.0228

EPSS Percentile 80.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

edimax/re11s_firmware 1.11

Published Jan 16, 2025

Tracked Since Feb 18, 2026