Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Edimax EW-7438RPn Mini OS Command Injection via mp.asp
Vulnerability Description
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Edimax EW-7438RPn 安全漏洞
Vulnerability Description
Edimax EW-7438RPn是中国台湾讯舟(Edimax)公司的一款无线信号扩展器。 Edimax EW-7438RPn 1.13及之前版本存在安全漏洞,该漏洞源于mp.asp表单处理器未正确处理命令参数,可能导致OS命令注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A