CVE-2024-48419 Information

Description

Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically these issues can be triggered through /goform/tracerouteDiagnosis /goform/pingDiagnosis and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands with oot\ privileges.

Reference

http://edimax.com https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48419.md