Description
A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Core 4
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-360841 | Edimax BR-6208AC L2TP Mode setWAN command injection
https://vuldb.com/vuln/360841
Signature, Permissions Required signature
permissions-required
VDB-360841 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/360841/cti
Third Party Advisory third-party-advisory
Submit #801572 | Edimax BR-6208AC V2_1.02 Command Injection
https://vuldb.com/submit/801572
Scores
CVSS v3
6.3
EPSS
0.0116
EPSS Percentile
62.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-74
CWE-77
Status
published
Products (1)
Edimax/BR-6208AC
1.02
Published
May 03, 2026
Tracked Since
May 03, 2026