CVE-2023-31985
Published 2023-05-12
CVE-2023-31985: A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the formAccept function in…
Priority: P2 67, critical, 9.8, CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 8.08% (94.1th percentile)
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| edimax | br-6428ns_firmware | — | — |
| linux | linux_kernel | >= 5.11.0 < 5.15.123 | 5.15.123 |
| linux | linux_kernel | >= 5.16.0 < 6.1.42 | 6.1.42 |
| linux | linux_kernel | >= 5.3.0 < 5.4.253 | 5.4.253 |
| linux | linux_kernel | >= 5.5.0 < 5.10.188 | 5.10.188 |
| linux | linux_kernel | >= 6.2.0 < 6.4.7 | 6.4.7 |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat: 5.5 LOW
OSV
keys: Fix linking a duplicate key to a keyring's assoc_array
osv·2025-12-30
CVE-2023-54170 keys: Fix linking a duplicate key to a keyring's assoc_array
In the Linux kernel, the following vulnerability has been resolved:
keys: Fix linking a duplicate key to a keyring's assoc_array
When making a DNS query inside the kernel using dns_query(), the request
code can in rare cases end up creating a duplicate index key in the
assoc_array of the destination keyring. It is eventually found by
a BUG_ON() check in the assoc_array implementation and results in
a crash.
Example report:
[2158499.700025] kernel BUG at ../lib/assoc_array.c:652!
[2158499.700039] invalid opcode: 0000 [#1] SMP PTI
[2158499.700065] CPU: 3 PID: 31985 Comm: kworker/3:1 Kdump: loaded Not tainted 5.3.18-150300.59.90-default #1 SLE15-SP3
[2158499.700096] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Deskt
GHSA
GHSA-hqm6-wfjh-9325: A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the formAccept fu
ghsa_unreviewed·2023-05-12
CVE-2023-31985 [CRITICAL] CWE-77 GHSA-hqm6-wfjh-9325: A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the formAccept fu
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-05-12