CVE-2025-15256

MEDIUM EPSS 86.9%
Published Dec 30, 20256mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 4.0
Medium
Find Similar
Published Dec 30, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Details

Base Score
5.5
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
86.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 2

CWE-74
CWE-77 Command Injection Injection

Affected Products 3

VendorProductVersionRange
edimaxbr-6208ac_firmware1.02any
edimaxbr-6208ac_firmware1.03any
edimaxbr-6208ac2.0any

References 5

  • tzh00203.notion.site https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-formStaDrvSetup-handler-2d2b5c52018a803ebd91c200b3e2925b
    ExploitThird Party Advisory
  • tzh00203.notion.site https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-formStaDrvSetup-handler-2d2b5c52018a803ebd91c200b3e2925b?source=copy_link
    ExploitThird Party Advisory
  • vuldb.com https://vuldb.com/?ctiid.338646
    Permissions RequiredVDB Entry
  • vuldb.com https://vuldb.com/?id.338646
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/?submit.722014
    Third Party AdvisoryVDB Entry

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.