Skip to main content

Edimax BR-6478AC CVE-2026-10125

| EUVDEUVD-2026-33468 HIGH
Buffer Overflow (CWE-119)
2026-05-30 cna@vuldb.com GHSA-3qwv-jp8x-xr7q
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
May 30, 2026 - 16:30 vuln.today

DescriptionCVE.org

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.

AnalysisAI

Stack-based buffer overflow in the Edimax BR-6478AC wireless router (firmware 1.23) allows remote attackers with low-privilege access to corrupt memory via a crafted pppUserName parameter sent to the formPPPoESetup handler at /goform/formPPPoESetup. Publicly available exploit code exists per VulDB, and the CVSS 4.0 vector (AV:N/AC:L/PR:L) indicates network-reachable exploitation with authentication, yielding high impact to confidentiality, integrity, and availability of the device. No active in-the-wild exploitation has been confirmed in CISA KEV at time of analysis.

Technical ContextAI

The vulnerability resides in the web management interface of the Edimax BR-6478AC consumer/SOHO wireless router, specifically in the formPPPoESetup CGI handler responsible for processing PPPoE WAN configuration POST requests. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), realized as a classic stack-based buffer overflow triggered when the pppUserName POST argument is copied into a fixed-size stack buffer without proper length validation - a common pattern in MIPS/ARM-based embedded router firmware that uses unsafe C string operations like strcpy or sprintf in goform handlers compiled into the httpd/boa-derived web server. Successful overflow can overwrite the saved return address on the stack, enabling control-flow hijacking on the router's typically non-ASLR, non-DEP embedded Linux environment.

RemediationAI

No vendor-released patch identified at time of analysis - Edimax has not published a security advisory or fixed firmware for BR-6478AC 1.23 in the supplied references. Compensating controls: disable remote (WAN-side) administration on the router so /goform/formPPPoESetup is unreachable from the internet, which eliminates the network attack surface at the cost of losing remote management; restrict LAN-side access to the admin interface via a management VLAN or firewall ACL so only trusted hosts can reach the HTTP admin port; replace default admin credentials with a strong unique password to defeat the PR:L precondition, accepting that an insider or credential-phishing path still works; and given the device class and likely end-of-life status, consider replacing the BR-6478AC with a currently supported router model as the durable fix. Track vendor status via the VulDB entry at https://vuldb.com/vuln/367302 and the researcher disclosure at https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-formPPPoESetup-34b53a41781f80a1b029cb5ca5570afa.

Share

CVE-2026-10125 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy