CVE-2025-70161 · CRITICAL 9.8 · EPSS p97.6%

Description

EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 24.10% probability of exploitation · percentile 97.6% · 2026-06-18T12:00:27Z
Published: 2026-01-09
Last modified: 2026-01-22

Underlying weaknesses · 1

CWE-77

References

  1. https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-setWAN-handler-2d3b5c52018a80d7ae8dce2bf5e3294c?source=copy_link

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Neutralization of Special Elements used in a Command ('Command Injection') (cwe-77) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-9381
CVE-2026-36734
CVE-2026-9401
CVE-2026-10125
CVE-2026-7685
CVE-2026-10166

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.