CVE-2025-14092
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-05

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-05
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-14092
EUVD
EUVD-2025-201416
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
edimax br-6478ac_v3_firmware 1.0.15
edimax br-6478ac_v3 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Edimax BR-6478AC V3 1.0.15 router, specifically in the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. It allows an attacker to manipulate the 'host' argument to perform OS command injection. This means an attacker can remotely execute arbitrary operating system commands on the device.

Impact Analysis

The vulnerability can allow a remote attacker to execute arbitrary OS commands on the affected device, potentially leading to unauthorized control, data compromise, or disruption of service. This could impact the security and availability of the device and any network it is connected to.

Detection Guidance

This vulnerability can be detected by monitoring for attempts to access the /boafrm/formDebugDiagnosticRun endpoint with suspicious or malformed 'host' parameter values that may include OS command injection payloads. Since the exploit requires authentication, checking logs for authenticated requests to this endpoint with unusual input is recommended. Specific detection commands are not provided in the resources. However, network monitoring tools or web application firewalls could be configured to alert on such requests. [1, 3]

Mitigation Strategies

Immediate mitigation steps include replacing the affected Edimax BR-6478AC V3 router running firmware version 1.0.15, as no vendor patches or countermeasures are currently available. Additionally, restricting access to the device's management interface, enforcing strong authentication, and monitoring for suspicious activity can help reduce risk until the device is replaced. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14092. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart