CVE-2024-48418
Published: 27 January 2025
Summary
CVE-2024-48418 is a high-severity CSRF (CWE-352) vulnerability in the Edimax BR-6476AC firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). It is ranked in the 31.1 percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 IA-2 (Identification and Authentication (Organizational Users)) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly and comprehensively addresses the command injection vulnerability by requiring validation and sanitization of user-provided parameters containing special characters in the /goform/fromSetDDNS request handler.
Ensures timely remediation of the specific flaw in the DDNS handler through identification, reporting, and patching as provided in the vendor advisory.
Requires identification and authentication for organizational users accessing the web interface, preventing unauthenticated exploitation (PR:N) from adjacent networks.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the router's web interface (/goform/fromSetDDNS) enables arbitrary Unix shell execution (T1059.004) and exploitation of a public-facing web application (T1190).
NVD Description
In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of the user-provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands.
Deeper analysis
CVE-2024-48418 is a command injection vulnerability affecting the Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC version 1.06. The flaw resides in the /goform/fromSetDDNS request handler, which fails to properly sanitize special characters in user-provided parameters. This allows an attacker with access to the web interface to inject and execute arbitrary shell commands. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-352.
An attacker on an adjacent network can exploit this vulnerability with low complexity and no required privileges or user interaction. By crafting a malicious request to the /goform/fromSetDDNS endpoint with specially crafted parameters containing special characters, the attacker can execute arbitrary shell commands on the router. This grants high-impact control over confidentiality, integrity, and availability, potentially leading to full device compromise.
For mitigation guidance, refer to the vendor advisory at http://edimax.com and the detailed advisory at https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48418.md. The vulnerability was published on 2025-01-27.
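The analysis above describes the general pattern behind this class of flaw: a web-form parameter that reaches a shell without validation. The following C snippet is an added illustration of that pattern and of the SI-10 (input validation) control beside it; it is not Edimax's firmware code and is not taken from the advisory. The page does not say how the BR-6476AC builds its DDNS command, so the `/usr/sbin/ddns_update` binary, its `-h` flag and the `host` parameter are assumptions chosen for the example. The hardened path allow-lists hostname characters and hands the value to `execv` as a separate argument, so no shell ever parses it.

```c
/* Added example: CWE-78 pattern and an SI-10 style fix for a DDNS form handler.
 * Hypothetical binary, flag and parameter names; not the vendor's code. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable pattern: the user-supplied host is spliced into a command line
 * that will later be handed to a shell. Any shell metacharacter in `host`
 * changes the meaning of the command. Kept here only to contrast with the
 * hardened version below. */
int build_ddns_command_unsafe(char *out, size_t outlen, const char *host)
{
    return snprintf(out, outlen, "/usr/sbin/ddns_update -h %s", host);
}

/* Allow-list check: a DDNS hostname may contain only letters, digits, '-'
 * and '.', must be 1..253 bytes, and may not start or end with '-' or '.'.
 * Everything else (spaces, quotes, ';', '|', '`', '$', newlines, ...) is
 * rejected before the value is used anywhere. */
bool ddns_host_is_valid(const char *host)
{
    if (host == NULL) return false;
    size_t n = strlen(host);
    if (n == 0 || n > 253) return false;
    if (host[0] == '-' || host[0] == '.' ||
        host[n - 1] == '-' || host[n - 1] == '.') return false;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '-' || c == '.')) return false;
    }
    return true;
}

/* Hardened pattern: validate first, then build an argv vector. The host is a
 * standalone argument, never part of a shell string. argv_out must have room
 * for 4 pointers. Returns 0 on success, -1 if the input was rejected. */
int prepare_ddns_argv(const char *host, const char *argv_out[4])
{
    if (!ddns_host_is_valid(host)) return -1;
    argv_out[0] = "/usr/sbin/ddns_update"; /* assumed helper binary */
    argv_out[1] = "-h";                    /* assumed flag */
    argv_out[2] = host;
    argv_out[3] = NULL;
    return 0;
}

/* Runs the validated argv with fork/execv (no /bin/sh involved).
 * Returns the child's exit status, or -1 if validation or fork failed. */
int run_ddns_update(const char *host)
{
    const char *argv[4];
    if (prepare_ddns_argv(host, argv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv(argv[0], (char *const *)argv);
        _exit(127); /* exec failed */
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed inputs: one benign hostname, one with a shell metacharacter. */
    const char *good = "router.example.net";
    const char *bad  = "host;id";
    char cmd[256];
    build_ddns_command_unsafe(cmd, sizeof cmd, bad);
    printf("unsafe command line would be: %s\n", cmd);
    printf("valid(%s)=%d valid(%s)=%d\n", good, ddns_host_is_valid(good),
           bad, ddns_host_is_valid(bad));
    return 0;
}
```

The point of the contrast is that `build_ddns_command_unsafe` produces one string whose structure depends on the user, while `prepare_ddns_argv` fixes the command structure in code and only ever lets a validated token through as a single argument. Detection-wise, a handler that rejects on the allow-list is also a natural place to log the rejected request for the SI-10 audit trail.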
Details
- CWE(s)