Sign-up

ID

VAR-202602-0421


CVE

CVE-2026-1972


TITLE

EDIMAX Technology of BR-6208AC  Firmware default credential usage vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2026-004581

DESCRIPTION

A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default credentials. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer. Exploits have been published and are likely to be used in the wild. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-1972 // JVNDB: JVNDB-2026-004581

AFFECTED PRODUCTS

vendor:edimaxmodel:br-6208acscope:lteversion:1.02

Trust: 1.0

vendor:edimaxmodel:br-6208acscope: - version: -

Trust: 0.8

vendor:edimaxmodel:br-6208acscope:lteversion:br-6208ac firmware 1.02 and earlier

Trust: 0.8

vendor:edimaxmodel:br-6208acscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-004581 // NVD: CVE-2026-1972

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-1972
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2026-1972
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-004581
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-1972
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-004581
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-1972
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-1972
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-004581
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-004581 // NVD: CVE-2026-1972 // NVD: CVE-2026-1972

PROBLEMTYPE DATA

problemtype:CWE-1392

Trust: 1.0

problemtype:Using default credentials (CWE-1392) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-004581 // NVD: CVE-2026-1972

PATCH

title:Submit #744032url:https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Weak-Password-Authentication-Vulnerability-in-auth_check_userpass2-Functi-2f0b5c52018a801c9645dd5261717901?source=copy_link

Trust: 0.8

sources: JVNDB: JVNDB-2026-004581

EXTERNAL IDS

db:NVDid:CVE-2026-1972

Trust: 2.6

db:VULDBid:344494

Trust: 1.0

db:JVNDBid:JVNDB-2026-004581

Trust: 0.8

sources: JVNDB: JVNDB-2026-004581 // NVD: CVE-2026-1972

REFERENCES

url:https://tzh00203.notion.site/edimax-br-6208ac-v2_1-02-weak-password-authentication-vulnerability-in-auth_check_userpass2-functi-2f0b5c52018a801c9645dd5261717901?source=copy_link

Trust: 1.0

url:https://vuldb.com/?ctiid.344494

Trust: 1.0

url:https://vuldb.com/?id.344494

Trust: 1.0

url:https://vuldb.com/?submit.744032

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-1972

Trust: 0.8

sources: JVNDB: JVNDB-2026-004581 // NVD: CVE-2026-1972

SOURCES

db:JVNDBid:JVNDB-2026-004581
db:NVDid:CVE-2026-1972

LAST UPDATE DATE

2026-02-25T23:07:13.809000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-004581date:2026-02-24T07:41:00
db:NVDid:CVE-2026-1972date:2026-02-20T15:20:01.763

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-004581date:2026-02-24T00:00:00
db:NVDid:CVE-2026-1972date:2026-02-06T02:16:04.633