CVE-2024-48419
Published: 27 January 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2024-48419 is a command injection vulnerability (CWE-77) in the Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC version 1.06. The flaw exists in the /bin/goahead web server component and is triggered via the /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd endpoints. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-27.
An attacker who can authenticate to the router's web interface (the PR:L in the vector) can send crafted input to these diagnostic endpoints to inject and execute arbitrary shell commands. The web server runs as root on the device, so the injected commands run with root privileges. The attack is network-reachable, low complexity and needs no user interaction, so a single request gives full compromise of the device's confidentiality, integrity and availability. The endpoint names point at the usual cause of this bug class: ping and traceroute diagnostics that hand a caller-supplied target to a shell instead of validating it and passing it to the tool as a plain argument. Because the flaw is post-authentication, real-world exposure depends on whether the management interface is reachable (in particular from the WAN side) and on the strength of the administrative credentials.
Advisories are available from the vendor at http://edimax.com and from SpikeReply at https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48419.md, which may provide further details on patches or mitigations.
Details
- CWE(s): CWE-77 (Improper Neutralization of Special Elements used in a Command, i.e. command injection)
Affected Products
- Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC, firmware version 1.06
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
- T1210 Exploitation of Remote Services
- T1059.004 Command and Scripting Interpreter: Unix Shell
- T1059.008 Command and Scripting Interpreter: Network Device CLI
Why these techniques?
The command injection sits in the router's web interface (/goform/tracerouteDiagnosis, /goform/pingDiagnosis, /goform/fromSysToolPingCmd) and lets an authenticated attacker run arbitrary commands as root. Reaching it is exploitation of a public-facing application (T1190) when the management interface is exposed to the internet, or exploitation of a remote service (T1210) from an adjacent network; the injected payload itself executes through the device's Unix shell (T1059.004), which on a router doubles as its network device command line (T1059.008).
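The bug class described above, as an added illustration that is not code from the Edimax firmware or from the SpikeReply advisory (neither reproduces the affected handler): a diagnostic handler that pastes a caller-supplied host into a shell command line, next to a hardened version that allowlists the host and execs ping directly without a shell. The handler names and the `host` parameter are assumptions made for the example.

```c
/*
 * Illustrative example, not Edimax code: the command-injection pattern
 * behind web-UI ping/traceroute diagnostics, and one way to fix it.
 * Function names and the "host" parameter are assumptions.
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define HOST_MAX 253            /* longest legal DNS name */

/* VULNERABLE pattern: the request parameter is pasted into a shell
 * command line. A value such as "8.8.8.8; cat /etc/passwd" makes
 * system() run the attacker's command with the web server's (root)
 * privileges. Only the string is built here so the example is safe
 * to run; returns NULL if the value would not fit. */
const char *build_vulnerable_cmdline(const char *host)
{
    static char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "ping -c 4 %s", host);
    return (n >= 0 && (size_t)n < sizeof cmd) ? cmd : NULL;
}

/* Allowlist validation: accept only characters that can appear in an
 * IPv4/IPv6 literal or a DNS name. Everything a shell treats specially
 * (; | & $ ` ( ) < > space newline quotes) is rejected, and a leading
 * '-' is rejected so the value cannot be parsed by ping as an option. */
int is_safe_host(const char *host)
{
    size_t len = host ? strlen(host) : 0;
    if (len == 0 || len > HOST_MAX || host[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-' || c == ':'))
            return 0;
    }
    return 1;
}

/* HARDENED pattern: validate, then exec ping with an argv vector.
 * No shell is involved, so even if the allowlist were loosened later,
 * metacharacters in host would reach ping as data, not as syntax.
 * Returns ping's exit status, or -1 on rejection or failure. */
int run_ping_safely(const char *host)
{
    if (!is_safe_host(host))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "4", (char *)host, NULL };
        execvp("ping", argv);
        _exit(127);             /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* constructed attacker input, typical of a diagnostic-endpoint payload */
    const char *payload = "8.8.8.8; cat /etc/passwd";
    printf("vulnerable handler would run: %s\n", build_vulnerable_cmdline(payload));
    printf("hardened handler accepts payload: %d\n", is_safe_host(payload));
    printf("hardened handler accepts 8.8.8.8: %d\n", is_safe_host("8.8.8.8"));
    return 0;
}
```

Both halves of the fix matter: the allowlist stops the injection, and exec without a shell removes the interpreter that made the injection possible, so a later change to either one does not silently reopen the hole. On a device like this the handler should also not need to run as root at all; dropping privileges before the exec, or delegating ping to an unprivileged helper, limits what a future bypass could do.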