ID

VAR-202512-2302


CVE

CVE-2025-14910


TITLE

Path traversal vulnerability in EDIMAX Technology BR-6208AC firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-024604

DESCRIPTION

A vulnerability was detected in Edimax BR-6208AC 1.02. It affects the function handle_retr of the FTP Daemon Service component. The manipulation results in path traversal. The attack may be launched remotely. The exploit is public and may be used. Edimax confirms this issue: "This product is no longer available in the market and has been discontinued for five years. Consequently, Edimax no longer provides technical support, firmware updates, or security patches for this specific model. However, to ensure the safety of our remaining active users, we acknowledge this report and will take the following mitigation actions: (A) We will issue an official security advisory on our support website. (B) We will strongly advise users to disable the FTP service on this device to mitigate the reported risk, by which the product will still work for common use. (C) We will recommend users upgrade to newer, supported models." This vulnerability only affects products that are no longer supported by the maintainer. Exploits for this vulnerability are publicly available and may be used in the wild. The product was discontinued five years ago. In addition, information handled by the software is not rewritten, the software does not stop, and attacks exploiting this vulnerability do not affect other software.

Trust: 1.62

sources: NVD: CVE-2025-14910 // JVNDB: JVNDB-2025-024604

AFFECTED PRODUCTS

vendor: edimax, model: br-6208ac, scope: eq, version: 1.02

Trust: 1.0

vendor: edimax, model: br-6208ac, scope: eq, version: br-6208ac firmware 1.02

Trust: 0.8

vendor: edimax, model: br-6208ac, scope: eq, version: -

Trust: 0.8

vendor: edimax, model: br-6208ac, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-024604 // NVD: CVE-2025-14910

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-14910
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-14910
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-024604
value: MEDIUM

Trust: 0.8

CVSSV2

cna@vuldb.com: CVE-2025-14910
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-024604
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CVSSV3

cna@vuldb.com: CVE-2025-14910
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-14910
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-024604
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-024604 // NVD: CVE-2025-14910 // NVD: CVE-2025-14910

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-024604 // NVD: CVE-2025-14910

PATCH

title: Submit #713704
url: https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Path-Traversal-Vulnerability-in-FTPd-2c4b5c52018a80fb8812f7d510abf558?source=copy_link

Trust: 0.8

sources: JVNDB: JVNDB-2025-024604

EXTERNAL IDS

db: NVD, id: CVE-2025-14910

Trust: 2.6

db: VULDB, id: 337435

Trust: 1.0

db: JVNDB, id: JVNDB-2025-024604

Trust: 0.8

sources: JVNDB: JVNDB-2025-024604 // NVD: CVE-2025-14910

REFERENCES

url:https://tzh00203.notion.site/edimax-br-6208ac-v2_1-02-path-traversal-vulnerability-in-ftpd-2c4b5c52018a80fb8812f7d510abf558?source=copy_link

Trust: 1.0

url:https://vuldb.com/?submit.713704

Trust: 1.0

url:https://vuldb.com/?id.337435

Trust: 1.0

url:https://vuldb.com/?ctiid.337435

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-14910

Trust: 0.8

sources: JVNDB: JVNDB-2025-024604 // NVD: CVE-2025-14910

SOURCES

db: JVNDB, id: JVNDB-2025-024604
db: NVD, id: CVE-2025-14910

LAST UPDATE DATE

2026-01-14T23:31:03.361000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-024604, date: 2026-01-14T07:40:00
db: NVD, id: CVE-2025-14910, date: 2026-01-12T17:01:11.393

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-024604, date: 2026-01-14T00:00:00
db: NVD, id: CVE-2025-14910, date: 2025-12-19T02:16:04.903