CVE-2025-15258
Open Redirect in Edimax BR-6208AC Web Configuration Interface

Publication date: 2025-12-30

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in Edimax BR-6208AC 1.02/1.03. It affects the function formALGSetup of the file /goform/formALGSetup in the Web-based Configuration Interface component. Manipulating the argument wlan-url causes an open redirect. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.
Meta Information
Published: 2025-12-30
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-12-30
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
edimax br-6208ac *
edimax br-6208ac 1.03
edimax br-6208ac 1.02
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an open redirect issue in the Edimax BR-6208AC router firmware versions 1.02 and 1.03. It occurs in the web-based configuration interface's function formALGSetup due to improper handling of the 'wlan-url' parameter. An attacker can craft a malicious URL that causes the router to redirect users to arbitrary, potentially harmful websites when they click the link, enabling phishing or other malicious redirection attacks. [1, 2]


How can this vulnerability impact me?

The vulnerability can be exploited remotely to redirect users to malicious websites, which can lead to phishing attacks or other malicious activities. This compromises the integrity of the system by manipulating the router's redirection behavior. Since the affected device is no longer supported or patched, users remain vulnerable unless they upgrade to newer models. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring HTTP requests to the router's web-based configuration interface, specifically requests to the endpoint /goform/formALGSetup in which the wlan-url parameter has been manipulated. Detection can involve capturing and inspecting network traffic for URLs whose wlan-url parameter points to an external site. Because the flaw is an open redirect via the wlan-url parameter, testing the endpoint with curl or wget and a crafted wlan-url value can help verify whether the vulnerability is present. For example, the command

    curl -I "http://<router-ip>/goform/formALGSetup?wlan-url=http://malicious.example.com"

can be used to observe whether the server redirects to the external URL. [1, 2]
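
The log inspection described in this answer, as an added example (not part of the original page or any vendor tooling): it flags requests to /goform/formALGSetup whose wlan-url value resolves to a host other than the router. The log format, the placeholder router address 192.0.2.1 and the function names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/formALGSetup"   # endpoint named in the advisory
PARAM = "wlan-url"                  # parameter named in the advisory
ROUTER_HOSTS = {"192.0.2.1"}        # assumption: placeholder for the router's own address

# Assumption: access-log lines in common log format; only the request line is used.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def external_target(value):
    """Return the off-device host a wlan-url value points to, or None."""
    # Browsers read backslashes as slashes, so \\host behaves like //host.
    try:
        host = urlsplit(value.strip().replace("\\", "/")).hostname
    except ValueError:
        return "<unparseable>"      # malformed authority: surface it for review
    if host is None or host in ROUTER_HOSTS:
        return None                 # relative path, or the router itself
    return host

def scan(lines):
    """Yield (line_number, host) for endpoint requests with an external wlan-url."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        try:
            target = urlsplit(m.group(1))
        except ValueError:
            continue
        if target.path != ENDPOINT:
            continue
        # parse_qs percent-decodes, so encoded values are compared in decoded form.
        for value in parse_qs(target.query).get(PARAM, []):
            host = external_target(value)
            if host:
                yield n, host

# Constructed sample lines (not captured traffic); paths other than ENDPOINT are made up.
SAMPLE = [
    '198.51.100.7 - - [02/Jan/2026:10:00:01 +0000] "GET /goform/formALGSetup?wlan-url=/back HTTP/1.1" 302 0',
    '198.51.100.8 - - [02/Jan/2026:10:00:05 +0000] "GET /goform/formALGSetup?wlan-url=http://malicious.example.com HTTP/1.1" 302 0',
    '198.51.100.9 - - [02/Jan/2026:10:00:09 +0000] "GET /goform/formALGSetup?wlan-url=%2F%2Fphish.example%2Flogin HTTP/1.1" 302 0',
    '198.51.100.9 - - [02/Jan/2026:10:00:12 +0000] "GET /other?wlan-url=http://elsewhere.example HTTP/1.1" 200 0',
    '198.51.100.7 - - [02/Jan/2026:10:00:20 +0000] "GET /goform/formALGSetup?wlan-url=http://192.0.2.1/other HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for n, host in scan(SAMPLE):
        print(f"line {n}: {PARAM} points off-device to {host}")
```

A wlan-url value sent in a POST body does not appear in an access log, so that case needs packet capture or a proxy that records request bodies.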


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include replacing the affected Edimax BR-6208AC V2 router with a newer, supported model, as the product has reached End of Life and no firmware updates or patches will be provided. Since no known mitigations or patches exist for this vulnerability, upgrading to a newer device is the recommended action to ensure better security. Additionally, users should be cautious about clicking on suspicious links that may exploit this open redirect vulnerability. [2]

