cbcvebase.

Edimax Br-6208Ac Firmware vulnerabilities

6 known vulnerabilities affecting edimax/br-6208ac_firmware.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-70161P2CRITICALCVSS 9.8v1.032026-01-09
CVE-2025-70161 [CRITICAL] CWE-77 CVE-2025-70161: EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName fie EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution.
nvd
CVE-2025-15256P2CRITICALCVSS 9.8v1.02v1.032025-12-30
CVE-2025-15256 [CRITICAL] CWE-74 CVE-2025-15256: A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSet A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and mig
nvd
CVE-2025-15257P2CRITICALCVSS 9.8v1.02v1.032025-12-30
CVE-2025-15257 [CRITICAL] CWE-74 CVE-2025-15257: A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The attack can be executed remotely. The exploit has bee
nvd
CVE-2026-1972P3HIGHCVSS 7.5≤ 1.022026-02-06
CVE-2026-1972 [HIGH] CWE-1392 CVE-2026-1972: A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_chec A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default credentials. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor confirms that the affected product is end
nvd
CVE-2025-14910P3MEDIUMCVSS 6.5v1.022025-12-19
CVE-2025-14910 [MEDIUM] CWE-22 CVE-2025-14910: A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Edimax confirms this issue: "This product is no longer available in the market and has been discont
nvd
CVE-2025-15258P4MEDIUMCVSS 6.1v1.02v1.032025-12-30
CVE-2025-15258 [MEDIUM] CWE-601 CVE-2025-15258: A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is possible to be carried out remotely. The exploit has been made available
nvd
Edimax Br-6208Ac Firmware vulnerabilities | cvebase