Cyber Posture

CVE-2024-48420

HighPublic PoC

Published: 27 January 2025

Published
27 January 2025
Modified
28 May 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0018 39.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-48420 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Edimax Br-6476Ac Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 39.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely remediation through vendor firmware patching directly eliminates the stack-based buffer overflow in the /goform/getWifiBasic endpoint.

SI-10 Information Input Validation good match
prevent

Validating user-supplied inputs with bounds checking prevents the buffer overflow exploitation in the router's web interface.

SI-16 Memory Protection partial match
prevent

Memory protections such as stack canaries or ASLR mitigate arbitrary code execution from the stack-based buffer overflow even if bounds checking fails.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The buffer overflow vulnerability in the public-facing web interface (/goform/getWifiBasic) of the Edimax Wi-Fi router enables remote exploitation for potential code execution, directly mapping to T1190: Exploit Public-Facing Application.

NVD Description

Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic.

Deeper analysisAI

CVE-2024-48420 is a buffer overflow vulnerability (CWE-120) affecting the Edimax AC1200 Wi-Fi 5 Dual-Band Router model BR-6476AC running firmware version 1.06. The issue resides in the web interface endpoint /goform/getWifiBasic, where insufficient bounds checking on user-supplied input leads to a stack-based buffer overflow. This flaw has a CVSS v3.1 base score of 8.8 (High), reflecting its potential for significant impact.

An attacker with adjacent network access (AV:A), such as from the same local Wi-Fi network, can exploit this vulnerability with low complexity (AC:L), no authentication requirements (PR:N), and no user interaction (UI:N). Successful exploitation allows arbitrary code execution with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially enabling full router compromise, such as persistent access, data theft, or network pivoting.

Mitigation details are outlined in vendor and security advisories, available at http://edimax.com and https://github.com/SpikeReply/advisories/blob/c271ddb997bc0263274118acc380bc71ce9c316b/cve/edimax/cve-2024-48420.md. Security practitioners should check these resources for firmware patches, workarounds, or updated configurations specific to the BR-6476AC.

Details

CWE(s)
CWE-120

Affected Products

edimax
br-6476ac firmware
1.06

CVEs Like This One

CVE-2024-48416Same product: Edimax Br-6476Ac
CVE-2024-48418Same product: Edimax Br-6476Ac
CVE-2024-48419Same product: Edimax Br-6476Ac
CVE-2025-22916Same vendor: Edimax
CVE-2025-22904Same vendor: Edimax
CVE-2025-22907Same vendor: Edimax
CVE-2025-22913Same vendor: Edimax
CVE-2020-37125Same vendor: Edimax
CVE-2024-57482Shared CWE-120
CVE-2025-22906Same vendor: Edimax

References