CVE-2024-48418
Published: 27 January 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2024-48418 is a command injection vulnerability affecting the Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC version 1.06. The flaw resides in the /goform/fromSetDDNS request handler, which fails to properly sanitize special characters in user-provided parameters. This allows an attacker with access to the web interface to inject and execute arbitrary shell commands. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-352.
An attacker on an adjacent network can exploit this vulnerability with low complexity and no required privileges or user interaction. By crafting a malicious request to the /goform/fromSetDDNS endpoint with specially crafted parameters containing special characters, the attacker can execute arbitrary shell commands on the router. This grants high-impact control over confidentiality, integrity, and availability, potentially leading to full device compromise.
For mitigation guidance, refer to the vendor advisory at http://edimax.com and the detailed advisory at https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48418.md. The vulnerability was published on 2025-01-27.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the router's web interface (/goform/fromSetDDNS) enables arbitrary Unix shell execution (T1059.004) and exploitation of a public-facing web application (T1190).