CVE-2025-14093 is a medium-severity OS command injection vulnerability identified in the Edimax BR-6478AC V3 router firmware version 1.0.15. The vulnerability resides in the function sub_416990, specifically in the /boafrm/formTracerouteDiagnosticRun endpoint, which processes the 'host' parameter. Due to insufficient input validation or sanitization, an attacker can inject arbitrary operating system commands via this parameter. This flaw allows remote attackers to execute commands on the underlying operating system with the privileges of the affected process. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), and does not require user interaction (UI:N). However, it requires high privileges (PR:H), which suggests that exploitation might need prior access or elevated rights, possibly through other vulnerabilities or misconfigurations. The vulnerability impacts confidentiality, integrity, and availability to a limited extent, as the attacker can execute commands that may lead to data leakage, system manipulation, or denial of service. The vendor Edimax was notified early but has not responded or released patches, and exploit code is publicly available, increasing the risk of exploitation. No known exploits in the wild have been reported yet. The vulnerability affects only firmware version 1.0.15 of the BR-6478AC V3 model. The lack of vendor response and public exploit availability necessitates proactive defensive measures.

For European organizations, this vulnerability poses a moderate risk, especially for those deploying Edimax BR-6478AC V3 routers in their network infrastructure. Successful exploitation could allow attackers to execute arbitrary commands on the router, potentially leading to network traffic interception, manipulation, or disruption of network services. This could compromise the confidentiality and integrity of sensitive data traversing the network and impact availability if the device is rendered inoperable. Critical sectors such as government, finance, healthcare, and energy that rely on secure and stable network infrastructure may face increased risks. The public availability of exploit code raises the likelihood of opportunistic attacks, particularly in environments where patching or device replacement is delayed. Additionally, the lack of vendor support complicates remediation efforts, increasing exposure duration. Organizations with remote management enabled or poorly segmented networks are at higher risk. The medium CVSS score reflects the balance between the potential impact and the requirement for high privileges, which may limit exploitation to attackers with some level of access.

1. Immediately audit networks to identify any Edimax BR-6478AC V3 devices running firmware version 1.0.15. 2. Disable remote management interfaces, especially those exposed to the internet, to reduce attack surface. 3. Implement strict network segmentation to isolate vulnerable devices from critical network segments and sensitive data. 4. Monitor network traffic and device logs for unusual command execution patterns or unexpected traceroute diagnostic requests. 5. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics targeting command injection attempts on router management endpoints. 6. Where possible, replace affected devices with models from vendors with active security support and patch management. 7. If replacement is not immediately feasible, consider deploying compensating controls such as firewall rules restricting access to the router management interface to trusted IP addresses only. 8. Educate network administrators about the vulnerability and the importance of minimizing privileged access to router management consoles. 9. Regularly review and update network device firmware and configurations to prevent exploitation of known vulnerabilities. 10. Engage with Edimax or authorized resellers to seek updates or guidance, despite the current lack of vendor response.