Vulnerability Description
A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default credentials. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Edimax | Br-6208Ac Firmware | <= 1.02 |
| Edimax | Br-6208Ac | 2.0 |
Related Weaknesses (CWE)
References
- https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Weak-Password-AuthenticatiExploitThird Party Advisory
- https://vuldb.com/?ctiid.344494Permissions RequiredVDB Entry
- https://vuldb.com/?id.344494Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.744032Third Party AdvisoryVDB Entry
FAQ
What is CVE-2026-1972?
CVE-2026-1972 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default c...
How severe is CVE-2026-1972?
CVE-2026-1972 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-1972?
Check the references section above for vendor advisories and patch information. Affected products include: Edimax Br-6208Ac Firmware, Edimax Br-6208Ac.