* Exploit Title: Edimax BR-6478AC & Others Mutiple root-level execution vulnerabilities * Discovery Date: 2015/06 * Public Disclosure Date: 2015/12/06 * Vulnerability Author: Michael Winstead * Vendor Homepage: http://www.edimax.com/edimax/global/ * Category: embedded routers Description ======================================================================== Multiple authenticated web requests to the administrative webapp on the Edimax BR-6478AC and other Edimax routers may allow an attacker root-level access to the underlying system. Additional exploitation vector of non-cryptographically protected automatic updates could allow for an "Evilgrade" style attack on a target. Write-up and communications log may be found at: https://docs.google.com/document/d/1fDnXf0ymgnCDf6pK46c64jyQZa4CqX4BBUGKrH00dVw Timeline ======================================================================== 2015/6/7 - Vendor notified via email 2015/8/20 - Vendor agrees to patch devices 2015/10/14 - Vendor releases patches 2015/11/24 - Coordinate with CERT for public release 2015/12/6 - Public vulnerability release Solution ======================================================================== Update the following Edimax WiFi devices to at least the following versions: 1. BR-6478AC v2.20 2. BR-6208AC v1.28 3. BR-6288ACL v1.10 4. BR-6228nS_v2 v1.22 5. BR-6228nC_v2 v1.22 6. BR-6428nS_v2 v1.16 7. BR-6428nC v1.16
