ID

VAR-202601-3748


CVE

CVE-2025-70161


TITLE

Command injection vulnerability in EDIMAX Technology BR-6208AC firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-001911

DESCRIPTION

EDIMAX BR-6208AC V2_1.02 is vulnerable to command injection. The pppUserName field is passed directly to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution. All information handled by the software may be rewritten, and the software may stop working completely. Attacks that exploit this vulnerability do not affect other software.

Trust: 1.62

sources: NVD: CVE-2025-70161 // JVNDB: JVNDB-2026-001911

AFFECTED PRODUCTS

vendor: edimax, model: br-6208ac, scope: eq, version: 1.03

Trust: 1.0

vendor: edimax, model: br-6208ac, scope: -, version: -

Trust: 0.8

vendor: edimax, model: br-6208ac, scope: eq, version: br-6208ac firmware 1.03

Trust: 0.8

vendor: edimax, model: br-6208ac, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-001911 // NVD: CVE-2025-70161

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-70161
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2026-001911
value: CRITICAL

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-70161
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-001911
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-001911 // NVD: CVE-2025-70161

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-001911 // NVD: CVE-2025-70161

PATCH

title: EDIMAX BR-6208AC V2_1.02 Command Injection Vulnerability in Web “setWAN” handler
url: https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-setWAN-handler-2d3b5c52018a80d7ae8dce2bf5e3294c?source=copy_link

Trust: 0.8

sources: JVNDB: JVNDB-2026-001911

EXTERNAL IDS

db: NVD, id: CVE-2025-70161

Trust: 2.6

db: JVNDB, id: JVNDB-2026-001911

Trust: 0.8

sources: JVNDB: JVNDB-2026-001911 // NVD: CVE-2025-70161

REFERENCES

url:https://tzh00203.notion.site/edimax-br-6208ac-v2_1-02-command-injection-vulnerability-in-web-setwan-handler-2d3b5c52018a80d7ae8dce2bf5e3294c?source=copy_link

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-70161

Trust: 0.8

sources: JVNDB: JVNDB-2026-001911 // NVD: CVE-2025-70161

SOURCES

db: JVNDB, id: JVNDB-2026-001911
db: NVD, id: CVE-2025-70161

LAST UPDATE DATE

2026-01-29T23:43:03.898000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-001911, date: 2026-01-27T08:34:00
db: NVD, id: CVE-2025-70161, date: 2026-01-22T20:45:13.620

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-001911, date: 2026-01-27T00:00:00
db: NVD, id: CVE-2025-70161, date: 2026-01-09T17:15:54.247