Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-1972 is a vulnerability in the Edimax BR-6208AC router, version 2_1.02, specifically in the function auth_check_userpass2.'}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the Username/Password argument can be manipulated to cause the device to use default credentials.'}, {'type': 'paragraph', 'content': 'These default credentials are hardcoded and easily guessable, such as username "admin" and password "1234", allowing an attacker to bypass authentication.'}, {'type': 'paragraph', 'content': 'The attack can be initiated remotely without any authentication, and a public exploit exists, making exploitation relatively easy.'}, {'type': 'paragraph', 'content': 'The affected product is no longer supported by the vendor and is considered end-of-life.'}] [1, 2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an attacker to gain unauthorized access to the affected Edimax router by using default credentials.

Because the attack can be performed remotely without authentication, it poses a risk of unauthorized control or access to the device.

The impact primarily affects confidentiality, as unauthorized users could potentially access sensitive information managed by the device.

Since the product is end-of-life and no mitigations are provided, the recommended action is to replace the device with a supported alternative.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the Edimax BR-6208AC router is running the vulnerable firmware version 2_1.02 or 2_1.03 and if it accepts the default credentials username "admin" and password "1234".'}, {'type': 'paragraph', 'content': "A practical detection method is to attempt to authenticate remotely to the device's management interface using these default credentials."}, {'type': 'paragraph', 'content': 'For example, you can use the following command to test access via HTTP (replace <router_ip> with the device IP address):'}, {'type': 'list_item', 'content': 'curl -u admin:1234 http://<router_ip>/'}, {'type': 'paragraph', 'content': 'If the device grants access without rejecting the credentials, it indicates the vulnerability is present.'}] [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Since the affected Edimax BR-6208AC product is end-of-life and no official patches or mitigations are provided, the recommended immediate step is to replace the vulnerable device with a supported alternative.'}, {'type': 'paragraph', 'content': 'In the meantime, if replacement is not immediately possible, changing the default credentials from username "admin" and password "1234" to a strong, unique password may reduce the risk, although the vulnerability arises from the authentication function itself.'}, {'type': 'paragraph', 'content': "Additionally, restricting remote access to the device's management interface by firewall rules or network segmentation can help mitigate exploitation."}] [1, 2]

Useful 0 Not Useful 0