CVE-2025-15257
Published: 30 December 2025
Description
A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.
Mitigating Controls (NIST 800-53 r5) (AI-generated)
- Prohibits the use of unsupported EOL system components like the Edimax BR-6208AC V2, preventing exploitation of unpatchable command injection vulnerabilities.
- Validates information inputs such as the strIp, strMask, and strGateway parameters to the formRoute function, directly preventing command injection attacks.
- Enforces approved authorizations for access to the web-based configuration interface, blocking unauthenticated remote exploitation of the vulnerable endpoint.
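The input-validation control above, as an added illustration that is not Edimax firmware code: a handler that accepts strIp, strMask and strGateway only as canonical dotted-quad IPv4 values, checks that the mask and destination are consistent, and hands the values to the route utility as separate argv entries so no shell ever parses them. The /sbin/route invocation and its option layout are assumptions.

```c
/* Hardened handling of the formRoute parameters (added example, not vendor code).
 * Values are rejected unless they parse as IPv4, so shell metacharacters can
 * never reach a command line; the command itself is built as argv for execv. */
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Accept only a dotted-quad IPv4 string (at most 15 chars); returns 1 on success. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (s == NULL || strlen(s) > 15 || inet_pton(AF_INET, s, &a) != 1)
        return 0;
    *out = ntohl(a.s_addr);
    return 1;
}

/* A netmask must be a run of ones followed by zeros; 0.0.0.0 (default route) is allowed.
 * ~m is then a run of ones at the low end, so (~m & (~m + 1)) == 0 exactly when contiguous. */
static int is_contiguous_mask(uint32_t m)
{
    uint32_t inv = ~m;
    return (inv & (inv + 1)) == 0;
}

/* Validates the three route parameters named in the advisory; returns 1 if all are safe. */
int validate_route_params(const char *ip, const char *mask, const char *gw)
{
    uint32_t i, m, g;
    if (!parse_ipv4(ip, &i) || !parse_ipv4(mask, &m) || !parse_ipv4(gw, &g))
        return 0;
    if (!is_contiguous_mask(m))
        return 0;
    if ((i & ~m) != 0)           /* destination must be a network address, no host bits */
        return 0;
    return 1;
}

/* Fills argv for execv("/sbin/route", argv) (assumed path/options); returns 0 if input is rejected.
 * Each value is its own argument, so there is no string that a shell could reinterpret. */
int build_route_argv(const char *ip, const char *mask, const char *gw, const char *argv[9])
{
    if (!validate_route_params(ip, mask, gw))
        return 0;
    argv[0] = "route"; argv[1] = "add";     argv[2] = "-net"; argv[3] = ip;
    argv[4] = "netmask"; argv[5] = mask;    argv[6] = "gw";   argv[7] = gw;
    argv[8] = NULL;
    return 1;
}
```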
Security Summary (AI-generated)
CVE-2025-15257 is a command injection vulnerability affecting the Edimax BR-6208AC router running firmware versions 1.02 and 1.03, specifically the V2 model. The flaw resides in the formRoute function within the /gogorm/formRoute endpoint of the Web-based Configuration Interface. By manipulating the strIp, strMask, or strGateway arguments, an attacker can inject arbitrary commands, as classified under CWE-74 and CWE-77. The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-12-30.
The vulnerability enables remote exploitation without authentication or user interaction, allowing unauthenticated attackers anywhere on the network to execute arbitrary commands on the device. Successful exploitation could result in limited impacts, including low-level confidentiality, integrity, and availability compromises, such as data leakage, configuration tampering, or denial of service.
Edimax has confirmed the issue but states that the BR-6208AC V2 has reached end-of-life (EOL) status, meaning it is unsupported, unmaintained, and unavailable for purchase. No firmware updates or patches will be provided, and users are advised to upgrade to newer models. This vulnerability exclusively affects these discontinued products.
An exploit for CVE-2025-15257 has been publicly released and may be leveraged in attacks targeting exposed EOL devices.
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
The vulnerability is a command injection flaw in the public-facing web configuration interface of a router, enabling unauthenticated remote exploitation (T1190: Exploit Public-Facing Application) and arbitrary command execution on the network device (T1059.008: Network Device CLI).