CVE-2026-1972
Authentication Bypass in Edimax BR-6208AC via Default Credentials
Publication date: 2026-02-06
Last updated on: 2026-02-20
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| edimax | br-6208ac_firmware | to 1.02 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1392 | The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-1972 is a vulnerability in the Edimax BR-6208AC router, version 2_1.02, specifically in the function auth_check_userpass2.'}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the Username/Password argument can be manipulated to cause the device to use default credentials.'}, {'type': 'paragraph', 'content': 'These default credentials are hardcoded and easily guessable, such as username "admin" and password "1234", allowing an attacker to bypass authentication.'}, {'type': 'paragraph', 'content': 'The attack can be initiated remotely without any authentication, and a public exploit exists, making exploitation relatively easy.'}, {'type': 'paragraph', 'content': 'The affected product is no longer supported by the vendor and is considered end-of-life.'}] [1, 2]
How can this vulnerability impact me? :
This vulnerability allows an attacker to gain unauthorized access to the affected Edimax router by using default credentials.
Because the attack can be performed remotely without authentication, it poses a risk of unauthorized control or access to the device.
The impact primarily affects confidentiality, as unauthorized users could potentially access sensitive information managed by the device.
Since the product is end-of-life and no mitigations are provided, the recommended action is to replace the device with a supported alternative.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the Edimax BR-6208AC router is running the vulnerable firmware version 2_1.02 or 2_1.03 and if it accepts the default credentials username "admin" and password "1234".'}, {'type': 'paragraph', 'content': "A practical detection method is to attempt to authenticate remotely to the device's management interface using these default credentials."}, {'type': 'paragraph', 'content': 'For example, you can use the following command to test access via HTTP (replace <router_ip> with the device IP address):'}, {'type': 'list_item', 'content': 'curl -u admin:1234 http://<router_ip>/'}, {'type': 'paragraph', 'content': 'If the device grants access without rejecting the credentials, it indicates the vulnerability is present.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Since the affected Edimax BR-6208AC product is end-of-life and no official patches or mitigations are provided, the recommended immediate step is to replace the vulnerable device with a supported alternative.'}, {'type': 'paragraph', 'content': 'In the meantime, if replacement is not immediately possible, changing the default credentials from username "admin" and password "1234" to a strong, unique password may reduce the risk, although the vulnerability arises from the authentication function itself.'}, {'type': 'paragraph', 'content': "Additionally, restricting remote access to the device's management interface by firewall rules or network segmentation can help mitigate exploitation."}] [1, 2]