CVE-2025-14910 is a path traversal vulnerability identified in the FTP Daemon Service of the Edimax BR-6208AC router, specifically in firmware version 1.02. The vulnerability arises from improper validation of file path inputs in the handle_retr function, which processes FTP RETR commands. An attacker can remotely exploit this flaw by crafting malicious FTP requests that traverse directories outside the intended FTP root, potentially accessing sensitive system files or configuration data. The attack requires no user interaction and can be performed without authentication, leveraging network access to the FTP service. Despite the product being discontinued for over five years and lacking vendor support or patches, the vulnerability remains relevant for any active devices. Edimax has acknowledged the issue and recommends disabling the FTP service to mitigate risk or upgrading to supported hardware. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, and limited confidentiality impact. No public exploits have been observed in the wild, but the exploit code is publicly available, increasing the risk of opportunistic attacks. The vulnerability's persistence in legacy devices poses a risk especially in environments where these routers remain in use without proper segmentation or monitoring.

For European organizations, the primary impact of this vulnerability is unauthorized disclosure of sensitive information stored on the affected router, including configuration files, credentials, or network topology data. This could facilitate further network compromise or lateral movement by attackers. The ability to remotely exploit the flaw without authentication increases the attack surface, especially in organizations where these devices are exposed to untrusted networks or insufficiently segmented internal networks. Although the vulnerability does not directly enable code execution or denial of service, the information disclosure can undermine network security posture. Critical infrastructure or enterprises relying on legacy Edimax BR-6208AC routers may face increased risk of espionage or targeted attacks. The lack of vendor support and patches means organizations must rely on compensating controls, increasing operational overhead. Additionally, the public availability of exploit code could lead to automated scanning and exploitation attempts, raising the urgency for mitigation in European environments where these devices are still deployed.

European organizations should immediately identify any active Edimax BR-6208AC devices running firmware version 1.02 within their networks. Given the absence of vendor patches, the primary mitigation is to disable the FTP service on these devices, as recommended by Edimax, to eliminate the attack vector. Network segmentation should be enforced to isolate legacy devices from critical systems and untrusted networks, minimizing exposure. Implement strict firewall rules to block external and unnecessary internal access to the FTP port (usually TCP 21). Monitoring and logging of FTP traffic should be enhanced to detect suspicious path traversal attempts. If possible, replace the affected devices with newer, supported models that receive regular security updates. For environments where replacement is not immediately feasible, consider deploying network intrusion detection systems (NIDS) with signatures for path traversal attacks targeting FTP services. Regular vulnerability scanning should include checks for this specific CVE to ensure no devices are overlooked. Finally, educate network administrators about the risks of unsupported legacy hardware and the importance of timely upgrades.