CVE-2025-28142
Published: 15 April 2025
Summary
CVE-2025-28142 is a medium-severity Command Injection (CWE-77) vulnerability in Edimax BR-6478AC V3 firmware. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE is ranked in the top 2.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-10977
Vulnerability details
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The OS command injection vulnerability in the router's web form (formDiskCreateShare) enables remote authenticated attackers to execute arbitrary Unix shell commands as root (T1059.004) by exploiting the remote web management service (T1210).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.