CVE-2024-48419

Published Jan 27, 2025

Last updated a year ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-48419 describes command injection vulnerabilities found in the Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC, specifically version 1.06. These issues reside within the `/bin/goahead` component of the router's firmware. An attacker with access to the web interface can exploit these vulnerabilities by injecting and executing arbitrary shell commands with root privileges. This can be achieved through specific diagnostic functions, including `/goform/tracerouteDiagnosis`, `/goform/pingDiagnosis`, and `/goform/fromSysToolPingCmd`.

Description
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd. Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands, with "root" privileges.
Source
cve@mitre.org
NVD status
Analyzed
Products
br-6476ac_firmware

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-77

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

8

Configurations