216.73.216.75

CVE-2025-15257

· Published 30/12/2025 17:15 · Modified 31/12/2025 20:42

Labels: CVE-2025-15257 2025-12-30CVE-2025-15257CWE-74[email protected]

Essential information

Published
30/12/2025 17:15
Modified
31/12/2025 20:42
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
edimax / br-6208ac cpe:2.3:a:edimax:br-6208ac:1.02:*:*:*:*:*:*:*
edimax / br-6208ac cpe:2.3:a:edimax:br-6208ac:1.03:*:*:*:*:*:*:*

References