CVE-2023-31986
published 2023-05-15CVE-2023-31986: A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in…
PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
8.18%
94.2th percentile
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| edimax | br-6428ns_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET INFO Suspicious POST to Axis OS (smtptest.cgi)
suricata·2021-10-06
CVE-2021-31986 ET INFO Suspicious POST to Axis OS (smtptest.cgi)
ET INFO Suspicious POST to Axis OS (smtptest.cgi)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET INFO Suspicious POST to Axis OS (smtptest.cgi)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/axis-cgi/smtptest.cgi"; fast_pattern; reference:url,nozominetworks.com/blog/new-axis-os-security-research-aided-by-transparent-design/; reference:cve,2021-31986; classtype:bad-unknown; sid:2034130; rev:2; metadata:attack_target Server, created_at 2021_10_06, cve CVE_2021_31986, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_04_24;)
No public exploits indexed.
No writeups or analysis indexed.
2023-05-15
Published