CVE-2024-7616 – Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection
https://notcve.org/view.php?id=CVE-2024-7616
A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. • https://vuldb.com/?ctiid.273986 https://vuldb.com/?id.273986 https://vuldb.com/?submit.383845 https://yjz233.notion.site/edimax-IC-5150W-has-command-injection-vulnerability-in-ipcam_cgi-cc72c7b7e2f24ba6a6609b6fcf78df34 https://yjz233.notion.site/edimax-IC-6220DC-has-command-injection-vulnerability-in-ipcam_cgi-2029d67721f2473b8cfce5e286a70307?pvs=4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-49351
https://notcve.org/view.php?id=CVE-2023-49351
A stack-based buffer overflow vulnerability in the /bin/webs binary in Edimax BR6478AC V2 firmware version v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of the strcpy() function. • https://github.com/countfatcode/temp/blob/main/formUSBAccount/formUSBAccount.md • CWE-787: Out-of-bounds Write •
CVE-2023-33722
https://notcve.org/view.php?id=CVE-2023-33722
EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the pppUserName parameter. • https://docs.google.com/document/d/1KNuU0nVd4oHMZiKgfs45wK2yA4N6K7q4/edit?usp=sharing&ouid=108638774561085298954&rtpof=true&sd=true https://shimo.im/docs/pmkxQ1GQ4DTowANr • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-31986
https://notcve.org/view.php?id=CVE-2023-31986
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations. • https://github.com/Erebua/CVE/blob/main/N300_BR-6428nS%20V4/4/Readme.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-31983
https://notcve.org/view.php?id=CVE-2023-31983
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the mp function in /bin/webs without any limitations. • https://github.com/Erebua/CVE/blob/main/N300_BR-6428nS%20V4/2/Readme.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •