Vulnerability Title
N/A
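Vulnerability Description
The Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC version 1.06 contains a command injection vulnerability, specifically in the /bin/goahead file. An attacker can trigger the vulnerability by accessing paths such as /goform/tracerouteDiagnosis, /goform/pingDiagnosis and /goform/fromSysToolPingCmd. An attacker who successfully exploits this vulnerability can inject and execute arbitrary shell commands, which run with "root" privileges.
CVSS Information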
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
Improper Neutralization of Special Elements used in a Command (Command Injection)
Vulnerability Title
N/A
Vulnerability Description
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd. Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands, with "root" privileges.
CVSS Information
N/A
Vulnerability Category
N/A