CVE-2025-14910: Path Traversal in Edimax BR-6208AC
A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Edimax confirms this issue: "This product is no longer available in the market and has been discontinued for five years. Consequently, Edimax no longer provides technical support, firmware updates, or security patches for this specific model. However, to ensure the safety of our remaining active users, we acknowledge this report and will take the following mitigation actions: (A) We will issue an official security advisory on our support website. (B) We will strongly advise users to disable the FTP service on this device to mitigate the reported risk, by which the product will still work for common use. (C) We will recommend users upgrade to newer, supported models." This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
CVE-2025-14910 is a medium-severity path traversal vulnerability in the Edimax BR-6208AC router running firmware version 1.02. The flaw is in the handle_retr function of the device's FTP daemon; the name identifies the handler for the FTP RETR (file download) command, so the file path a client supplies to RETR is evidently joined to the share root without being confined to it. A remote attacker who can reach the FTP service can therefore read files outside the intended FTP root; the classic form of this bug is a RETR argument that climbs out of the root with ".." segments. The CVSS 4.0 scoring recorded for the entry assigns low attack complexity, no privileges and no user interaction, and an impact limited to confidentiality, with no integrity or availability impact. The description does not say whether the daemon requires a login before RETR, so any device with the FTP service reachable should be treated as exposed. Edimax has confirmed the issue, but the product has been discontinued for five years and no patch or firmware update will be issued; the vendor advises disabling the FTP service and migrating to a supported model. No active exploitation has been reported, but the exploit is public, which makes opportunistic scanning likely. The case illustrates the standing risk of unsupported network devices with listening services.
Potential Impact
The primary impact is unauthorized disclosure of files on the device. What is reachable depends on how the daemon runs: if, as is common on embedded routers, it runs with full privileges and without a chroot, traversal from the share root reaches the entire root filesystem, including configuration files and stored credentials such as administrator or Wi-Fi credentials kept in the device's configuration. Organizations still running the BR-6208AC therefore face a confidentiality breach that can lead to further compromise once an attacker holds the device's credentials or configuration. The flaw does not directly affect integrity or availability. Because the device is discontinued and unsupported, no vendor fix will ever close the hole, so the risk only grows with time. Remote exploitation with a single FTP command means attackers can scan for the service and try it opportunistically, which matters most in small offices and home networks that have not replaced the hardware. The absence of reported exploitation suggests limited current impact, but the public exploit raises the likelihood of future attacks. Overall, the vulnerability poses a moderate risk to confidentiality and to the security posture of any network still depending on this router.
Mitigation Recommendations
With no patch or firmware update coming, mitigation has to reduce exposure. First, disable the FTP service on the BR-6208AC, as the vendor advises; the daemon is the only attack vector, and the router keeps working for routing and Wi-Fi without it. Then verify the change rather than trusting the setting: from the LAN, and from outside if the WAN side could ever have exposed it, confirm that TCP port 21 no longer answers, and re-check after a factory reset, since a reset restores default settings and may re-enable the service. If FTP cannot be turned off, block port 21 inbound at the upstream firewall and restrict the service to trusted internal addresses only; never leave it reachable from the internet, not least because FTP carries credentials and data in cleartext. Monitor the command channel where you can: RETR (and other path-taking commands) whose arguments contain ".." sequences or encoded equivalents, and port 21 scanning aimed at the device, are the signals to alert on. Plan to replace the router with a supported model that receives security updates; until then, segment it away from sensitive hosts and keep access controls tight. Finally, inventory the network for other end-of-life devices, since the same situation, an unpatchable flaw in an exposed service, recurs whenever unsupported hardware stays in production.
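The bug class behind the Technical Summary above (a RETR path joined to the share root without confinement) and the command-channel monitoring suggested in the Mitigation Recommendations can be shown in one small model. The following is an added example written for this page, not Edimax firmware code: the real handle_retr implementation is not public here, so vulnerable_retr_path() is a hypothetical reconstruction of the pattern, hardened_retr_path() shows the confinement a fixed daemon would need, and find_traversal_attempts() runs that same check over FTP control-channel log lines as a detector. FTP_ROOT, the log line format and the sample log are assumptions constructed for the example.

```python
"""Illustrative model of the CVE-2025-14910 bug class, written for this page.

The firmware's real handle_retr is not on the page. vulnerable_retr_path()
is a hypothetical reconstruction of the pattern that causes a RETR path
traversal (share root + client path, no confinement); hardened_retr_path()
shows the confinement a fixed daemon needs; find_traversal_attempts() runs
the same check over command-channel log lines as a detector. FTP_ROOT and
the log format are assumptions, not the device's real values.
"""
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

FTP_ROOT = "/mnt/usb"   # assumed share root; the real mount point is unknown


def vulnerable_retr_path(client_arg: str) -> str:
    """Hypothetical pre-fix behaviour: append whatever the client sent.

    The OS resolves '..' when the file is opened, so a RETR argument of
    '../../etc/passwd' leaves the share root.
    """
    return FTP_ROOT + "/" + client_arg


def hardened_retr_path(client_arg: str) -> Optional[str]:
    """Confine the requested file to FTP_ROOT; None means refuse (550).

    Lexical confinement: collapse '.', '..' and repeated slashes, then
    require the result to stay under the root. An absolute client path is
    interpreted relative to the share root, as an FTP virtual root does.
    """
    if "\x00" in client_arg:          # a NUL would truncate the path in a C daemon
        return None
    candidate = posixpath.normpath(posixpath.join(FTP_ROOT, client_arg.lstrip("/")))
    # The prefix check must include the separator, otherwise '../usb2/x'
    # (which normalises to /mnt/usb2/x) would pass as being under /mnt/usb.
    if candidate == FTP_ROOT or candidate.startswith(FTP_ROOT + "/"):
        return candidate
    return None


# Assumed log format (one line per command on the control channel, as a
# network sensor might reconstruct it): "<timestamp> <client-ip> <CMD> [arg]".
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<cmd>[A-Z]{3,4})(?: (?P<arg>.*))?$")

# FTP commands that take a path argument; traversal in any of them matters.
PATH_COMMANDS = {"RETR", "STOR", "APPE", "CWD", "LIST", "NLST", "DELE", "MLSD", "SIZE", "MDTM"}


def find_traversal_attempts(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client, command, argument) for every path that escapes FTP_ROOT.

    Over-approximates deliberately: besides the raw argument it also tests a
    percent-decoded, backslash-normalised copy, so encoded or Windows-style
    variants are flagged even if this particular daemon would not decode them.
    """
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["cmd"] not in PATH_COMMANDS or m["arg"] is None:
            continue
        arg = m["arg"]
        variants = {arg, unquote(arg).replace("\\", "/")}
        if any(hardened_retr_path(v) is None for v in variants):
            hits.append((m["src"], m["cmd"], arg))
    return hits


# Constructed sample log, not captured from a real device.
SAMPLE_FTP_LOG = """\
2025-12-19T02:10:01Z 192.0.2.10 USER anonymous
2025-12-19T02:10:01Z 192.0.2.10 CWD docs
2025-12-19T02:10:02Z 192.0.2.10 RETR report.pdf
2025-12-19T02:10:09Z 198.51.100.7 RETR ../../../../etc/passwd
2025-12-19T02:10:10Z 198.51.100.7 RETR ..%2f..%2f..%2fetc%2fshadow
2025-12-19T02:10:11Z 198.51.100.7 RETR ../usb2/secret
2025-12-19T02:10:12Z 198.51.100.7 RETR ..\\..\\etc\\passwd
2025-12-19T02:10:13Z 203.0.113.5 RETR /etc/passwd
""".splitlines()


if __name__ == "__main__":
    for src, cmd, arg in find_traversal_attempts(SAMPLE_FTP_LOG):
        print(f"traversal attempt from {src}: {cmd} {arg}")
```

Two design points worth noting. The hardened check is lexical, which is enough to stop ".." traversal but not a symlink inside the share that points outside it; a real daemon should additionally resolve the final path (realpath or an openat-based walk with O_NOFOLLOW) and re-apply the prefix check. The detector flags the absolute "RETR /etc/passwd" line only if it escapes the virtual root, which it does not, while the three encoded or backslash variants are flagged because the detector errs toward alerting; tune PATH_COMMANDS and the decoding step to match whatever your sensor actually reconstructs from the control channel.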
Affected Countries
United States, Germany, United Kingdom, Japan, South Korea, Taiwan, China, Australia, Canada, France
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-18T18:34:25.519Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6944b7d24eb3efac36c40a3b
Added to database: 12/19/2025, 2:26:26 AM
Last enriched: 2/24/2026, 11:05:20 PM
Last updated: 3/23/2026, 11:51:23 PM