Edimax Edimax

  1. Vendors
  2. Edimax

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Edimax product.

RSS Feeds for Edimax security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Edimax products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Edimax Sorted by Most Security Vulnerabilities since 2018

Edimax Ew 7438rpn24 vulnerabilities

Edimax Br 6478ac Firmware12 vulnerabilities

Edimax Br 6675nd12 vulnerabilities

Edimax Br 6428ns Firmware11 vulnerabilities

Edimax Br 6478ac V3 Firmware8 vulnerabilities

Edimax Re11s Firmware8 vulnerabilities

Edimax Br 6208ac Firmware7 vulnerabilities

Edimax Br 6476ac Firmware5 vulnerabilities

Edimax Ew 7438rpn Mini Firmware5 vulnerabilities

Edimax Br 6288acl Firmware3 vulnerabilities

Edimax Ew 7438rpn Mini V22 vulnerabilities

Edimax Br 6104k1 vulnerability

Edimax Br 6208ac V3 Firmware1 vulnerability

Edimax Br 6228nc1 vulnerability

Edimax Cv 7428ns Firmware1 vulnerability

Edimax Ic 7100 Firmware1 vulnerability

Known Exploited Edimax Vulnerabilities

The following Edimax vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Edimax IC-7100 IP Camera OS Command Injection Vulnerability Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CVE-2025-1316 Exploit Probability: 86.7% 		March 19, 2025

The vulnerability CVE-2025-1316: Edimax IC-7100 IP Camera OS Command Injection Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there have been 67 vulnerabilities in Edimax with an average score of 7.6 out of ten. Last year, in 2025 Edimax had 30 security vulnerabilities published. That is, 37 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.78.




Year Vulnerabilities Average Score
2026 67 7.60
2025 30 5.82
2024 1 9.80
2023 5 9.40

It may take a day or so for new Edimax vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Edimax Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-10166 May 31, 2026
Remote Cmd Injection in Edimax BR-6478AC 1.23 formWlbasic rootAPmac A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Br 6478ac Firmware
CVE-2026-10165 May 31, 2026
Stack Buffer Overflow in Edimax BR-6478AC 1.23 POST Handler A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used.
Br 6478ac Firmware
CVE-2026-10164 May 31, 2026
Edimax BR-6478AC 1.23 remote USB Folder buffer overflow A vulnerability was found in Edimax BR-6478AC 1.23. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. The manipulation of the argument ShareName/SelectName results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
Br 6478ac Firmware
CVE-2026-10163 May 31, 2026
Edimax BR-6478AC 1.23 POST Request Handler Buffer Overflow A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of the argument UserName/Password leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Br 6478ac Firmware
CVE-2026-10127 May 30, 2026
Edimax BR-6478AC 1.23 cmd injection via formStaDrvSetup A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Br 6478ac Firmware
CVE-2026-10126 May 30, 2026
Buffer Overflow in Edimax BR-6478AC 1.23 FormQoS via POST A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Br 6478ac Firmware
CVE-2026-10125 May 30, 2026
Stack Buffer Overflow in Edimax BR-6478AC 1.23 formPPPoESetup via pppUserName A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.
Br 6478ac Firmware
CVE-2026-9482 May 25, 2026
Edimax EW-7438RPn 1.31 Remote Stack Overflow via formSDHCP A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9481 May 25, 2026
Stack-based Buffer Overflow in Edimax EW-7438RPn 1.31 (formStats) A flaw has been found in Edimax EW-7438RPn 1.31. This affects the function formStats of the file /goform/formStats. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9480 May 25, 2026
Edimax EW-7438RPn 1.31 Remote SB-Overflow via formrefresh (/goform/formrefresh) A vulnerability was detected in Edimax EW-7438RPn 1.31. The impacted element is the function formrefresh of the file /goform/formrefresh. The manipulation of the argument submit-url results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9479 May 25, 2026
Edimax EW-7438RPn 1.31 Stack Buffer Overflow in formLogout (submit-url) A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manipulation of the argument submit-url leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9463 May 25, 2026
Edimax EW-7438RPn 1.31 Stack Buffer Overflow in /goform/formLicence Submit-URL A flaw has been found in Edimax EW-7438RPn 1.31. Affected by this issue is the function formLicence of the file /goform/formLicence. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9462 May 25, 2026
Edimax EW-7438RPn 1.31 Stack-Based Buffer Overflow in formWpsProxyEnable A vulnerability was detected in Edimax EW-7438RPn 1.31. Affected by this vulnerability is the function formWpsProxyEnable of the file /goform/formWpsProxyEnable. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9461 May 25, 2026
Edimax EW-7438RPn 1.31 Remote Stack Buffer Overflow in formRadius A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9460 May 25, 2026
Edimax EW-7438RPn 1.31 remote stack overflow via formAccept A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9459 May 25, 2026
Edimax EW-7438RPn 1.31: formConnectionSetting BufOverflow Remote Exploit A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument max_Conn/timeOut results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9443 May 25, 2026
Edimax BR-6478AC 1.23 POST Handler Buffer Overflow (L2TPUserName) A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. The manipulation of the argument L2TPUserName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6478ac Firmware
CVE-2026-9442 May 25, 2026
Edimax BR-6478AC 1.23 Buffer Overflow in formiNICSiteSurvey (selSSID) A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6478ac Firmware
CVE-2026-9441 May 25, 2026
Command Injection in Edimax BR-6478AC 1.23 POST Handler A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing a manipulation of the argument rootAPmac results in command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6478ac Firmware
CVE-2026-9440 May 25, 2026
Edimax BR-6478AC 1.23: Remote Cmd Injection via formAccept A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6478ac Firmware
CVE-2026-9439 May 25, 2026
Edimax BR-6675nD 1.12 Command Injection via /goform/stainfo (stainfo func) A vulnerability was determined in Edimax BR-6675nD 1.12. Affected is the function stainfo of the file /goform/stainfo. This manipulation of the argument interface causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6675nd
CVE-2026-9427 May 25, 2026
Edimax EW-7438RPn 1.31 buffer overflow in webs formWlSiteSurvey A flaw has been found in Edimax EW-7438RPn 1.31. This impacts the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component webs. This manipulation of the argument selSSID/submit-url causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9426 May 25, 2026
Stack Overflow in Edimax EW-7438RPn 1.31 formHwSet (remote) A vulnerability was detected in Edimax EW-7438RPn 1.31. This affects the function formHwSet of the file /goform/formHwSet. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanSSID/wlanChan/initgain/txcck/txofdm/submit-url results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9425 May 25, 2026
Edimax EW-7438RPn 1.31 Buffer Overflow via formWlanMP A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The impacted element is the function formWlanMP of the file /goform/formWlanMP. The manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9424 May 25, 2026
OS Command Injection in Edimax EW-7438RPn 1.31 (formWlanMP) A weakness has been identified in Edimax EW-7438RPn 1.31. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component Content-Type Handler. Executing a manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9423 May 25, 2026
Edimax BR-6675nD 1.12 cmd injection via /goform/mp POST handler A security flaw has been discovered in Edimax BR-6675nD 1.12. Impacted is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6675nd
CVE-2026-9403 May 24, 2026
Edimax BR-6675nD 1.12 formWlSiteSurvey Buffer Overflow Remote A vulnerability was determined in Edimax BR-6675nD 1.12. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6675nd
CVE-2026-9402 May 24, 2026
Command injection in Edimax BR-6675nD 1.12 formWlanMP POST handler A vulnerability was found in Edimax BR-6675nD 1.12. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component POST Request Handler. The manipulation of the argument ateFunc/ateGain/ateRate/ateChan/ateTxCount/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/ateTxFreqOffset/ateMode/ateMacID/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/readE2P/e2pTxPwDeltaN results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6675nd
CVE-2026-9401 May 24, 2026
Edimax BR-6675nD 1.12 /goform/formWanTcpipSetup Buffer Overflow via pppUserName A vulnerability has been found in Edimax BR-6675nD 1.12. Impacted is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6675nd
CVE-2026-9400 May 24, 2026
Command Injection via formUSBStorage on Edimax BR-6675nD 1.12 A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument sub_dir can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6675nd
CVE-2026-9399 May 24, 2026
Edimax BR-6675nD 1.12 Buffer Overrun via formsetPPPoE (pppUserName) A vulnerability was detected in Edimax BR-6675nD 1.12. This vulnerability affects the function formsetPPPoE of the file /goform/formsetPPPoE of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6675nd
CVE-2026-9382 May 24, 2026
Buffer Overflow in Edimax BR-6675nD 1.12 PPTP Setup Handler A flaw has been found in Edimax BR-6675nD 1.12. Affected by this issue is the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Executing a manipulation of the argument pptpUserName can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6675nd
CVE-2026-9381 May 24, 2026
Edimax BR-6675nD 1.12 Remote Buffer Overflow in formPPPoESetup POST A vulnerability was detected in Edimax BR-6675nD 1.12. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6675nd
CVE-2026-9380 May 24, 2026
Edimax BR-6675nD 1.12 POST /goform/formL2TPSetup Buffer Overflow A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6675nd
CVE-2026-9379 May 24, 2026
Command Injection via POST formWpsStart on Edimax BR6675nD 1.12 Remotely A weakness has been identified in Edimax BR-6675nD 1.12. This impacts the function formWpsStart of the file /goform/formWpsStart of the component POST Request Handler. This manipulation of the argument pinCode causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6675nd
CVE-2026-9378 May 24, 2026
Edimax BR-6675nD 1.12 Command Injection via formHwSet POST A security flaw has been discovered in Edimax BR-6675nD 1.12. This affects the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument regDomain/ABandregDomain/nic0Addr/nic1Addr/wlanAddr/inicAddr results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6675nd
CVE-2026-9363 May 24, 2026
Edimax EW-7438RPn 1.12 Cmd Injection via POST /goform/formEZCHNwlanSetu A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a manipulation of the argument method results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9362 May 24, 2026
Command Injection in Edimax EW-7438RPn 1.12 Setting Handler (max_Conn/timeout) A security vulnerability has been detected in Edimax EW-7438RPn 1.12. This vulnerability affects the function formConnectionSetting of the file /goform/formConnectionSetting of the component Setting Handler. Such manipulation of the argument max_Conn/timeOut leads to command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9361 May 24, 2026
Edimax EW-7438RPn 1.12: Cmd Injection via formAccept POST Handler A weakness has been identified in Edimax EW-7438RPn 1.12. This affects the function formAccept of the file /goform/formAccep of the component POST Request Handler. This manipulation of the argument submit-url causes command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9360 May 24, 2026
Edimax EW-7438RPn 1.28a POST Request Handler Buffer Overflow A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The manipulation of the argument key1 results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9359 May 24, 2026
Command Injection in Edimax EW-7438RPn 1.28a POST Request Handler 'formHwSet' A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanSSID/wlanChan/comd/initgain/txcck/txofdm leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9348 May 24, 2026
Stack-based Buffer Overflow in Edimax EW-7438RPn (<=1.31) /goform/mp A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument webs results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9347 May 24, 2026
OS Command Injection in Edimax EW-7438RPn webs formWizSurvey (1.31) A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9346 May 24, 2026
Remote Buffer Overflow in EW-7438RPn Router up to v1.31 via formWirelessTbl A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9345 May 24, 2026
Edimax EW-7438RPn <=1.31 Buffer Overflow via formWizSurvey A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Performing a manipulation of the argument ssid/manualssid/ip/mask/gateway results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9344 May 24, 2026
Edimax EW-7438RPn stack buffer overflow in /goform/formWpsStart before 1.31 A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of the argument pinCode/wlan-url leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9343 May 23, 2026
OS Command Injection in Edimax EW-7438RPn Webs before 1.31 A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argument pinCode causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Ew 7438rpn
CVE-2026-9297 May 23, 2026
Edimax BR-6428NS 1.10 Command Injection via repeaterSSID A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6428ns Firmware
CVE-2026-9296 May 23, 2026
Edimax BR-6428NS 1.10 Command Injection via /goform/formWlanM A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P can lead to command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6428ns Firmware
CVE-2026-9295 May 23, 2026
Edimax BR-6428NS 1.10 Buffer Overflow via formWirelessTbl POST Handler A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Br 6428ns Firmware
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.