Which versions of Edimax BR-6478AC are affected by CVE-2026-10163?

Edimax BR-6478AC wireless routers contain a memory corruption vulnerability with publicly available exploit code that attackers with low-level credentials could leverage to compromise network…

Is there a public PoC exploit available for CVE-2026-10163?

Yes, a public proof-of-concept exploit is available for CVE-2026-10163. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-10163?

Within 24 hours: Inventory all Edimax BR-6478AC v1.23 routers and restrict network access to administrative interfaces via firewall rules and network segmentation. Within 7 days: Disable USB Account management functionality if not operationally required; implement additional access controls to limit low-level credential provisioning. Within 30 days: Isolate affected routers on restricted network segments; establish vendor monitoring schedule or device replacement timeline.

Edimax BR-6478AC CVE-2026-10163

Q: What is the CVSS score of CVE-2026-10163?

CVE-2026-10163 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-33482 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-31 VulDB

GHSA-pxj4-7p26-956c

Buffer Overflow Br 6478Ac

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

May 31, 2026 - 04:30 vuln.today

v3 (cvss_changed)

Analysis Updated

May 31, 2026 - 04:30 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 31, 2026 - 04:22 vuln.today

cvss_changed

CVSS changed

May 31, 2026 - 04:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

May 31, 2026 - 03:58 vuln.today

DescriptionCVE.org

A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of the argument UserName/Password leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

AnalysisAI

Buffer overflow in the Edimax BR-6478AC v1.23 wireless router allows authenticated remote attackers to corrupt memory by sending oversized UserName or Password values to the /goform/formUSBAccount endpoint. Publicly available exploit code exists for this issue, raising the practical risk despite the requirement for low-level credentials, though no active exploitation has been confirmed via CISA KEV.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Discover exposed router admin interface

Delivery

Authenticate with default or weak credentials

Exploit

Send crafted POST to /goform/formUSBAccount

Execution

Overflow buffer via oversized UserName/Password

Persist

Execute shellcode as web daemon

Impact

Install persistent implant or botnet agent