CVE-2025-14094: OS Command Injection in Edimax BR-6478AC V3
A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes OS command injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-14094 is an OS command injection vulnerability in firmware version 1.0.15 of the Edimax BR-6478AC V3 router. The flaw sits in the handler for the /boafrm/formSysCmd endpoint of the device's embedded web server (the function labelled sub_44CCE4 in the disassembly), where the sysCmd parameter is handed to the operating system without sanitization, so whoever controls that parameter can run arbitrary shell commands on the router. The attack is initiated over the network, but the published CVSS 4.0 vector rates privileges required as high (PR:H): the request has to come from an authenticated administrator session on the web interface, so this is not an unauthenticated remote flaw. That precondition, together with the low rated impact on confidentiality, integrity and availability, is why the score is 5.1 (medium) rather than critical. The score understates the practical outcome, however: commands executed through a router's web server commonly run with the privileges of that server process, which on consumer routers is often root, so a successful injection typically means full device compromise, interception or redirection of traffic passing through the router, and a pivot into the networks behind it. The vendor was contacted early but has neither responded nor released a patch, and a public exploit is available. The defensive questions that matter are therefore whether the management interface is reachable from untrusted networks and whether administrator credentials are default, weak or shared.
Potential Impact
For European organizations, the vulnerability lets an attacker who has, or obtains, administrator access to the web interface of an affected BR-6478AC V3 take remote control of the router and undermine perimeter security. Arbitrary command execution on the device can be used for data exfiltration, traffic interception, network disruption, or planting a persistent backdoor that survives ordinary configuration changes. Confidentiality is affected because traffic traversing the router can be read or redirected, integrity because configuration and firmware can be altered, and availability because the device can be disabled or its services degraded. Small and medium enterprises, home-office deployments and any critical-infrastructure site using this model are most exposed, since such environments often have weaker segmentation and monitoring. The absence of a vendor patch prolongs the exposure window, and the public exploit lowers the skill needed to attack. A compromised edge router is also a convenient foothold for lateral movement into the internal network.
Mitigation Recommendations
Until Edimax releases an official patch, organizations should implement the following mitigations:
1) Disable remote (WAN-side) management on the affected routers so the web interface, and with it /boafrm/formSysCmd, is not reachable from the internet.
2) Restrict access to the router's management interface to trusted internal IP addresses only.
3) Because the CVSS vector rates privileges required as high (PR:H), change any default or shared administrator credentials and use a strong, unique password; a stolen or guessed admin login is the most likely route to this flaw.
4) Use network segmentation to isolate vulnerable devices from critical assets and sensitive data.
5) Monitor traffic to the router for requests to /boafrm/formSysCmd, and in particular for sysCmd values containing shell metacharacters such as ;, |, &, backticks or $( ), and review router logs for unexpected management sessions.
6) Replace affected devices with alternative models or vendors where feasible, especially in high-risk environments.
7) Apply firewall rules that block inbound traffic to the router's management ports from untrusted networks.
8) Brief IT staff on the vulnerability and make sure incident response can act quickly if a device is found compromised.
9) Regularly inventory the network for BR-6478AC V3 devices running firmware 1.0.15 to maintain situational awareness.
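The following is an added example, not code from the advisory, from VulDB or from Edimax, showing how the monitoring recommendation above can be turned into a concrete check. It assumes an inline proxy or IDS in front of the router that records each request as "client-ip method path body" (a constructed format chosen for this illustration; real router logs do not include POST bodies) and a trusted management range of 10.0.0.0/8 (also an assumption). It flags any request to /boafrm/formSysCmd, escalates when the source is outside the trusted range, and escalates again when the decoded sysCmd value carries the shell metacharacters an injected command would need to chain or substitute commands.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the advisory.
VULN_PATH = "/boafrm/formSysCmd"
PARAM = "sysCmd"

# Characters or tokens that let a value escape the intended command:
# separators, pipes, backgrounding, backticks, redirections, newlines
# and $(...) / ${...} substitution.
SHELL_META = re.compile(r"[;&|`\n<>]|\$\(|\$\{")

# Assumption for this example: management is only legitimate from this range.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample records, not real device output. Format is
# "client-ip method path body", with "-" for an empty body.
SAMPLE_RECORDS = [
    "10.0.0.5 GET /index.asp -",
    "10.0.0.5 POST /boafrm/formSysCmd sysCmd=ping+-c+1+10.0.0.1&apply=Apply",
    "203.0.113.7 POST /boafrm/formSysCmd sysCmd=ls%3Bcat+/etc/passwd&apply=Apply",
    "10.0.0.9 POST /boafrm/formSysCmd sysCmd=x%60id%60",
    "10.0.0.9 GET /boafrm/formSysCmd?sysCmd=%24(reboot) -",
]


def parse_record(line):
    """Split one log record into its four fields."""
    ip, method, path, body = line.split(" ", 3)
    return {"ip": ip, "method": method, "path": path,
            "body": "" if body == "-" else body}


def syscmd_values(rec):
    """Return every decoded sysCmd value sent to the vulnerable endpoint.

    Both the query string and the form body are checked, so a GET carrying
    the parameter in the URL is treated the same as the usual POST.
    """
    url = urlsplit(rec["path"])
    if url.path != VULN_PATH:
        return []
    values = parse_qs(url.query).get(PARAM, [])
    values += parse_qs(rec["body"]).get(PARAM, [])
    return values


def assess(rec, trusted_nets=TRUSTED_NETS):
    """Return the findings for one record; an empty list means nothing to report."""
    values = syscmd_values(rec)
    if not values:
        return []
    # Any use of formSysCmd is worth recording on its own: on a production
    # router there is rarely a legitimate reason to submit it.
    findings = ["formSysCmd_request"]
    src = ipaddress.ip_address(rec["ip"])
    if not any(src in net for net in trusted_nets):
        findings.append("untrusted_source")
    if any(SHELL_META.search(v) for v in values):
        findings.append("shell_metacharacters")
    return findings


def scan(lines, trusted_nets=TRUSTED_NETS):
    """Run assess() over raw lines and keep only the records with findings."""
    hits = []
    for rec in map(parse_record, lines):
        findings = assess(rec, trusted_nets)
        if findings:
            hits.append((rec["ip"], rec["method"], findings))
    return hits


if __name__ == "__main__":
    for ip, method, findings in scan(SAMPLE_RECORDS):
        print(f"{ip:>12} {method:<4} {', '.join(findings)}")
```

Because the vector rates privileges required as high, an "untrusted_source" finding is significant even without metacharacters: it means an administrator session on the management interface was reachable from outside the range it should be confined to, which is exactly the exposure items 1, 2 and 7 above are meant to remove. The metacharacter list is deliberately broad; tune it to the environment, and feed the findings to whatever SIEM or alerting pipeline already watches the edge.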
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-05T09:04:00.459Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69331326f88dbe026cfc76d2
Added to database: 12/5/2025, 5:15:18 PM
Last enriched: 12/12/2025, 5:32:35 PM
Last updated: 1/20/2026, 2:41:00 PM
Views: 58
Related Threats
- CVE-2026-22844: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Zoom Communications Inc. Zoom Node (Critical)
- CVE-2025-9283: CWE-400 Uncontrolled Resource Consumption in Rockwell Automation ArmorStart® LT (High)
- CVE-2025-9282: CWE-400 Uncontrolled Resource Consumption in Rockwell Automation ArmorStart® LT (High)
- CVE-2025-9281: CWE-400 Uncontrolled Resource Consumption in Rockwell Automation ArmorStart® LT (High)
- CVE-2025-9280: CWE-400 Uncontrolled Resource Consumption in Rockwell Automation ArmorStart® LT (High)