CVE-2024-48418 Information

Description

In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters allowing an attacker with access to the web interface to inject and execute arbitrary shell commands.

Reference

http://edimax.com https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48418.md