CVE-2026-7682: Command Injection in Edimax BR-6208AC
A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
This vulnerability affects Edimax BR-6208AC firmware version 1.02. The setWAN function in the /goform/setWAN endpoint, specifically in the L2TP Mode component, improperly sanitizes the L2TPUserName argument, enabling remote command injection. An attacker can exploit this flaw remotely without user interaction or elevated privileges. The vulnerability has been publicly disclosed with exploit code available, but the vendor has not issued any fix or advisory. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and low to low impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary commands on the affected device, potentially compromising the router's integrity and availability. Given the medium CVSS score and public exploit availability, this vulnerability poses a moderate risk to affected devices. There is no indication of widespread exploitation in the wild at this time.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor. Users should monitor for any vendor advisories or firmware updates addressing this issue. Until a fix is released, consider restricting network access to the device's management interface to trusted hosts only and disable L2TP Mode if not required to reduce exposure.
CVE-2026-7682: Command Injection in Edimax BR-6208AC
Description
A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS v4.0
Score 5.3medium
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects Edimax BR-6208AC firmware version 1.02. The setWAN function in the /goform/setWAN endpoint, specifically in the L2TP Mode component, improperly sanitizes the L2TPUserName argument, enabling remote command injection. An attacker can exploit this flaw remotely without user interaction or elevated privileges. The vulnerability has been publicly disclosed with exploit code available, but the vendor has not issued any fix or advisory. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and low to low impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary commands on the affected device, potentially compromising the router's integrity and availability. Given the medium CVSS score and public exploit availability, this vulnerability poses a moderate risk to affected devices. There is no indication of widespread exploitation in the wild at this time.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor. Users should monitor for any vendor advisories or firmware updates addressing this issue. Until a fix is released, consider restricting network access to the device's management interface to trusted hosts only and disable L2TP Mode if not required to reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-02T11:05:13.164Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f6eceacbff5d8610c1b6de
Added to database: 5/3/2026, 6:36:26 AM
Last enriched: 5/11/2026, 2:11:49 AM
Last updated: 6/16/2026, 8:13:01 PM
Views: 109
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.