CVE-2025-28143
Published: 15 April 2025
Summary
CVE-2025-28143 is a medium-severity Command Injection (CWE-77) vulnerability in Edimax BR-6478AC V3 firmware. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008). The CVE ranks in the top 3.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-10969
Vulnerability details
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname parameter at the /boafrm/formDiskCreateGroup endpoint.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the router's web management interface (/boafrm/formDiskCreateGroup) via the unsanitized 'groupname' parameter enables authenticated remote attackers to execute arbitrary OS commands as root. This maps to Network Device CLI execution and exploitation of the remote web service.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.