CVE-2025-34024
Edimax EW-7438RPn Mini OS Command Injection via mp.asp
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Productos afectados
Edimax · Edimax EW-7438RPn MiniPoCs públicas encontradas — 1
cve_referencewww.exploit-db.com/exploits/48377no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://vulncheck.com/advisories/edimax-ew-7438rpn-command-injectionshttps://www.broadcom.com/support/security-center/attacksignatures/detail?asid=32163https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/https://www.exploit-db.com/exploits/48377