Impact
A remote attacker can exploit the stainfo function component of Edimax BR‑6478AC V2 1.23 by sending a crafted POST request. The malicious input is executed as a shell command on the device, providing the attacker with the ability to run arbitrary code and potentially take full control of the router. The vulnerability falls under CWE‑74 and CWE‑77 and is rated CVSS 5.3, indicating moderate severity due to the direct execution of commands without proper validation.
Affected Systems
Vulnerable devices are the Edimax BR‑6478AC V2 routers, specifically firmware version 1.23. No other versions or extended product lines are listed as affected.
Risk and Exploitability
The CVSS score of 5.3 reflects a moderate risk, but because the exploit can be triggered remotely without additional privileges and is publicly disclosed, the likelihood of real-world exploitation is non‑negligible. The EPSS score of 1% indicates a low yet non‑zero probability of exploitation in the wild, corresponding to approximately a 1% chance that this vulnerability is actively targeted. The vulnerability is not listed in CISA’s KEV catalog. Attacks would target the /goform/stainfo endpoint, suggesting that any host with network reach to the router could potentially be vulnerable.
OpenCVE Enrichment