Vulnerabilities (CVE)

Filtered by vendor Edimax
Total 45 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13269 1 Edimax 2 Br-6208ac V1, Br-6208ac V1 Firmware 2024-11-21 5.8 MEDIUM 8.8 HIGH
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field.
CVE-2018-8072 1 Edimax 6 Ic-3140w, Ic-3140w Firmware, Ic-5150w and 3 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function.
CVE-2018-10569 1 Edimax 2 Edimax Ew-7438rpn V2 Firmware, Ew-7438rpn Mini V2 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field.
CVE-2016-10863 1 Edimax 4 7237rpd, 7237rpd Firmware, Ew-7438rpn Mini and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.
CVE-2024-7616 1 Edimax 4 Ic-5150w, Ic-5150w Firmware, Ic-6220dc and 1 more 2024-08-13 5.2 MEDIUM 9.8 CRITICAL
A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.