CVE-2025-70161

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

09/01/2026

Last modified:

09/01/2026

Description

EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution.

Impact

References to Advisories, Solutions, and Tools

https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-setWAN-handler-2d3b5c52018a80d7ae8dce2bf5e3294c?source=copy_link