[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Edimax BR-6478AC & Others Multiple Vulnerabilites



* Exploit Title: Edimax BR-6478AC & Others Mutiple root-level execution vulnerabilities
* Discovery Date: 2015/06
* Public Disclosure Date: 2015/12/06
* Vulnerability Author: Michael Winstead
* Vendor Homepage: http://www.edimax.com/edimax/global/
* Category: embedded routers

Description
========================================================================
Multiple authenticated web requests to the administrative webapp on the Edimax BR-6478AC and
other Edimax routers may allow an attacker root-level access to the underlying system. Additional
exploitation vector of non-cryptographically protected automatic updates could allow for an
"Evilgrade" style attack on a target. 

Write-up and communications log may be found at:
https://docs.google.com/document/d/1fDnXf0ymgnCDf6pK46c64jyQZa4CqX4BBUGKrH00dVw

Timeline
========================================================================
2015/6/7 - Vendor notified via email
2015/8/20 - Vendor agrees to patch devices
2015/10/14 - Vendor releases patches
2015/11/24 - Coordinate with CERT for public release
2015/12/6 - Public vulnerability release

Solution
========================================================================
Update the following Edimax WiFi devices to at least the following versions:

1. BR-6478AC v2.20
2. BR-6208AC v1.28
3. BR-6288ACL v1.10
4. BR-6228nS_v2 v1.22
5. BR-6228nC_v2 v1.22
6. BR-6428nS_v2 v1.16
7. BR-6428nC v1.16