Overview
CVE-2025-14092 describes a medium-severity OS command injection vulnerability found in the Edimax BR-6478AC V3 router, specifically version 1.0.15. This flaw allows a remote attacker to execute arbitrary operating system commands by manipulating the ‘host’ argument within the sub_416898 function of the /boafrm/formDebugDiagnosticRun file. The vendor was notified but has not responded to this disclosure.
Technical Details
The vulnerability lies in the improper sanitization of user-supplied input passed to the ‘host’ argument of the sub_416898 function within the /boafrm/formDebugDiagnosticRun file. By crafting a malicious request containing specially crafted input in the ‘host’ parameter, an attacker can inject arbitrary OS commands that will be executed with the privileges of the web server process. The publicly disclosed exploit demonstrates the ability to execute commands remotely without authentication, posing a significant risk.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) assigns this vulnerability a score of 4.7, indicating a MEDIUM severity. This score reflects the following factors:
- Attack Vector: Network (AV:N)
- Attack Complexity: Low (AC:L)
- Privileges Required: None (PR:N)
- User Interaction: None (UI:N)
- Scope: Unchanged (S:U)
- Confidentiality Impact: Low (C:L)
- Integrity Impact: Low (I:L)
- Availability Impact: None (A:N)
While the availability impact is none, the potential for low impact on confidentiality and integrity, coupled with the ease of exploitation, contributes to the medium severity rating.
Possible Impact
Successful exploitation of this vulnerability can lead to a number of detrimental outcomes, including:
- Device Compromise: Attackers can gain control over the router, potentially using it as a bot in a botnet or as a pivot point for further attacks within the network.
- Data Theft: Sensitive information stored on or transmitted through the router could be compromised.
- Service Disruption: While the CVSS score indicates no impact on availability, an attacker could potentially disrupt network services through malicious commands.
- Malware Deployment: The attacker can inject malicious software onto the router or connected devices.
Mitigation or Patch Steps
Unfortunately, as the vendor has not responded to the disclosure, a formal patch is not currently available. Users of the Edimax BR-6478AC V3 1.0.15 router are advised to consider the following mitigation steps:
- Discontinue Use: The most secure option is to discontinue use of the affected router and replace it with a more secure alternative from a vendor known for timely security updates.
- Network Segmentation: If discontinuing use is not possible, isolate the router on a separate network segment to limit the potential damage from a successful attack.
- Firewall Rules: Implement strict firewall rules to restrict access to the router’s web interface from untrusted networks.
- Monitor Network Traffic: Closely monitor network traffic for any suspicious activity originating from or directed towards the router.
We strongly recommend contacting Edimax support and urging them to address this critical security flaw.
