ID

VAR-202512-2452


CVE

CVE-2025-15256


TITLE

Multiple vulnerabilities in EDIMAX Technology BR-6208AC firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-024686

DESCRIPTION

A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-15256 // JVNDB: JVNDB-2025-024686

AFFECTED PRODUCTS

vendor: edimax
model: br-6208ac
scope: eq
version: 1.02

Trust: 1.0

vendor: edimax
model: br-6208ac
scope: eq
version: 1.03

Trust: 1.0

vendor: edimax
model: br-6208ac
scope: eq
version: br-6208ac firmware 1.02

Trust: 0.8

vendor: edimax
model: br-6208ac
scope: -
version: -

Trust: 0.8

vendor: edimax
model: br-6208ac
scope: eq
version: -

Trust: 0.8

vendor: edimax
model: br-6208ac
scope: eq
version: br-6208ac firmware 1.03

Trust: 0.8

sources: JVNDB: JVNDB-2025-024686 // NVD: CVE-2025-15256

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-15256
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-15256
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-024686
value: CRITICAL

Trust: 0.8

CVSSV2

cna@vuldb.com: CVE-2025-15256
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-024686
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CVSSV3

cna@vuldb.com: CVE-2025-15256
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-15256
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-024686
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-024686 // NVD: CVE-2025-15256 // NVD: CVE-2025-15256

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-024686 // NVD: CVE-2025-15256

PATCH

title: Edimax BR-6208AC V2_1.02 Command Injection
url: https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-formStaDrvSetup-handler-2d2b5c52018a803ebd91c200b3e2925b?source=copy_link

Trust: 0.8

sources: JVNDB: JVNDB-2025-024686

EXTERNAL IDS

db: NVD
id: CVE-2025-15256

Trust: 2.6

db: VULDB
id: 338646

Trust: 1.0

db: JVNDB
id: JVNDB-2025-024686

Trust: 0.8

sources: JVNDB: JVNDB-2025-024686 // NVD: CVE-2025-15256

REFERENCES

url:https://vuldb.com/?ctiid.338646

Trust: 1.0

url:https://vuldb.com/?submit.722014

Trust: 1.0

url:https://tzh00203.notion.site/edimax-br-6208ac-v2_1-02-command-injection-vulnerability-in-web-formstadrvsetup-handler-2d2b5c52018a803ebd91c200b3e2925b?source=copy_link

Trust: 1.0

url:https://tzh00203.notion.site/edimax-br-6208ac-v2_1-02-command-injection-vulnerability-in-web-formstadrvsetup-handler-2d2b5c52018a803ebd91c200b3e2925b

Trust: 1.0

url:https://vuldb.com/?id.338646

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-15256

Trust: 0.8

sources: JVNDB: JVNDB-2025-024686 // NVD: CVE-2025-15256

SOURCES

db: JVNDB
id: JVNDB-2025-024686

db: NVD
id: CVE-2025-15256

LAST UPDATE DATE

2026-01-16T23:03:12.333000+00:00


SOURCES UPDATE DATE

db: JVNDB
id: JVNDB-2025-024686
date: 2026-01-15T07:20:00

db: NVD
id: CVE-2025-15256
date: 2026-01-13T21:35:45.300

SOURCES RELEASE DATE

db: JVNDB
id: JVNDB-2025-024686
date: 2026-01-15T00:00:00

db: NVD
id: CVE-2025-15256
date: 2025-12-30T17:15:41.027