CVE 9.8 CRITICAL

CVE-2025-70161_CVE-2025-70161

January 12, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution.

AI Analysis

Command Injection vulnerability in EDIMAX BR-6208AC V2_1.02, allowing arbitrary code execution

Basic Information

ID CVE-2025-70161

Source mitre

Published Jan 9, 2026 at 00:00

Modified Jan 12, 2026 at 16:24

Affected Product

Vendor EDIMAX

Product EDIMAX BR-6208AC

Version V2_1.02

Affected Versions n/a n/a n/a

CWE Classification

CWE-77

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor EDIMAX

Product BR-6208AC

Version V2_1.02

References

tzh00203.notion.site /EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-setWAN-handler-2d3b5c52018a80d7ae8dce2bf5e3294c

{
    "lastseen": "",
    "description": "EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution.",
    "published": "2026-01-09T00:00:00.000Z",
    "modified": "2026-01-12T16:24:37.524Z",
    "type": "cve",
    "title": "CVE-2025-70161",
    "source": "mitre",
    "references": "https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-setWAN-handler-2d3b5c52018a80d7ae8dce2bf5e3294c?source=copy_link",
    "id": "CVE-2025-70161",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EDIMAX BR-6208AC",
    "version": "V2_1.02",
    "vendor": "EDIMAX",
    "ai_description": "Command Injection vulnerability in EDIMAX BR-6208AC V2_1.02, allowing arbitrary code execution",
    "ai_severity": "Critical",
    "ai_vendor": "EDIMAX",
    "ai_product": "BR-6208AC",
    "ai_version": "V2_1.02",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply