The vulnerability identified as CVE-2025-15258 affects Edimax BR-6208AC routers running firmware versions 1.02 and 1.03. It resides in the web-based configuration interface, specifically in the formALGSetup function located at /goform/formALGSetup. The issue arises from improper validation of the wlan-url argument, which can be manipulated to cause an open redirect. An attacker can craft a URL that, when visited by a user, redirects them to a malicious external website without their consent. This can be exploited remotely without requiring authentication, though user interaction is necessary to trigger the redirect. The vulnerability does not impact the confidentiality, integrity, or availability of the router itself but can be leveraged for phishing attacks, credential theft, or distribution of malware by redirecting users to malicious sites. Edimax has confirmed that the BR-6208AC V2 model is End of Life, with no further firmware updates or patches planned, leaving the vulnerability unpatched. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, user interaction needed, and limited impact on integrity and availability, resulting in a medium severity score of 5.1. While no exploits are currently known to be active in the wild, the public availability of exploit code increases the risk of exploitation, especially in environments where these devices remain in use.

For European organizations, the primary impact of this vulnerability lies in the potential for social engineering and phishing attacks facilitated by the open redirect. Users redirected to malicious sites may inadvertently disclose credentials or download malware, leading to broader network compromise. Although the vulnerability does not directly compromise the router’s core functions or network availability, it undermines user trust and can serve as a stepping stone for more sophisticated attacks. Organizations relying on Edimax BR-6208AC devices, especially in sectors with high user interaction such as education, small business, or public institutions, face increased risk. The lack of vendor support and patches means that these devices represent persistent security liabilities. Additionally, attackers may exploit this vulnerability to bypass security controls or redirect traffic to malicious infrastructure, potentially impacting confidentiality. The medium severity rating reflects these risks but also the limited scope of direct device compromise.

Given the End of Life status of the Edimax BR-6208AC, no official patches or firmware updates are available. The most effective mitigation is to replace these devices with newer, supported models that receive regular security updates. In environments where immediate replacement is not feasible, organizations should restrict access to the router’s web interface to trusted internal networks only, using network segmentation and firewall rules to prevent external access. Implementing web filtering and DNS security controls can help block access to known malicious domains that could be used in redirect attacks. Educating users about the risks of clicking suspicious links and verifying URLs before interaction can reduce the likelihood of successful phishing attempts. Monitoring network traffic for unusual redirect patterns and employing intrusion detection systems can provide early warning of exploitation attempts. Finally, organizations should conduct regular audits to identify legacy devices and prioritize their replacement or isolation.