CVSS Base Vector:
This host is installed with Edimax product(s)
and is prone to multiple vulnerabilities.
Send a crafted request via HTTP GET and
check whether it is able to bypass authentication or not.
Multiple flaws exist because HTTP
authorization is not properly verified when sending POST requests
to '.cgi' and GET requests to 'FUNCTION_SCRIPT' and 'main.asp'.
Successful exploitation will allow remote
attackers to execute arbitrary script code in a user's browser, bypass
authentication and read arbitrary files to obtain detailed information about
Edimax BR6228nS/BR6228nC (Firmware version: 1.22)
Edimax PS-1206MF (Firmware version: 4.8.25).
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.
Vendor will not fix