Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Edimax EW-7438RPn Mini OS Command Injection via syscmd.asp
Vulnerability Description
An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Edimax EW-7438RPn Mini 安全漏洞
Vulnerability Description
Edimax EW-7438RPn Mini是中国台湾讯舟(Edimax)公司的一款小型无线信号扩展器。 Edimax EW-7438RPn Mini 1.13及之前版本存在安全漏洞,该漏洞源于syscmd.asp表单处理器暴露系统命令接口,可能导致OS命令注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A