Edimax Br 6428ns Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Edimax Br 6428ns Firmware.
By the Year
In 2026 there have been 7 vulnerabilities in Edimax Br 6428ns Firmware with an average score of 7.7 out of ten. Br 6428ns Firmware did not have any published security vulnerabilities last year. That is, 7 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 7 | 7.73 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 4 | 9.55 |
It may take a day or so for new Br 6428ns Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Edimax Br 6428ns Firmware Security Vulnerabilities
Edimax BR-6428NS 1.10 Command Injection via repeaterSSID
CVE-2026-9297
6.3 - Medium
- May 23, 2026
A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Edimax BR-6428NS 1.10 Command Injection via /goform/formWlanM
CVE-2026-9296
6.3 - Medium
- May 23, 2026
A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P can lead to command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Edimax BR-6428NS 1.10 Buffer Overflow via formWirelessTbl POST Handler
CVE-2026-9295
8.8 - High
- May 23, 2026
A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Classic Buffer Overflow
Edimax BR-6428NS 1.10 POST Buffer Overflow in formWanTcpipSetup
CVE-2026-9294
8.8 - High
- May 23, 2026
A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Classic Buffer Overflow
Command Injection via stadrv_ssid in Edimax BR-6428NS 1.10 POST Handler
CVE-2026-8777
6.3 - Medium
- May 18, 2026
A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulation of the argument stadrv_ssid results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Buffer Overflow in Edimax BR-6428NS 1.10 POST Handler formPPTPSetup
CVE-2026-8776
8.8 - High
- May 18, 2026
A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulation of the argument pptpUserName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Classic Buffer Overflow
Edimax BR-6428NS 1.10: Remote Buffer Overflow via L2TPUserName in formL2TPSetup
CVE-2026-8775
8.8 - High
- May 18, 2026
A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TPUserName causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Classic Buffer Overflow
Edimax N300 Firmware: Command Injection via /bin/webs setWAN
CVE-2023-31986
9.8 - Critical
- May 15, 2023
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations.
Command Injection
Command Injection in Edimax N300 Router via /bin/webs
CVE-2023-31983
9.8 - Critical
- May 12, 2023
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations.
Command Injection
Edimax N300: Command Injection via /bin/webs formAccept
CVE-2023-31985
9.8 - Critical
- May 12, 2023
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations.
Command Injection
CVE-2022-45768 Command Injection via formWlanMP in Edimax N300
CVE-2022-45768
8.8 - High
- February 07, 2023
Command Injection vulnerability in Edimax Technology Co., Ltd. Wireless Router N300 Firmware BR428nS v3 allows attacker to execute arbitrary code via the formWlanMP function.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Edimax Br 6428ns Firmware or by Edimax? Click the Watch button to subscribe.
