Skip to main content

Edimax BR-6478AC V2 CVE-2026-12806

| EUVDEUVD-2026-38192 HIGH
Classic Buffer Overflow (CWE-120)
2026-06-21 VulDB GHSA-93qv-48qr-mj84
7.4
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-reachable web endpoint (AV:N/AC:L), requires valid web-UI credentials per CVSS 4.0 PR:L mapping to PR:L, no user interaction, full RCE as root on the device yields C/I/A:H.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 22, 2026 - 06:11 vuln.today
CVSS changed
Jun 21, 2026 - 20:22 NVD
8.7 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack/heap buffer overflow in the Edimax BR-6478AC V2 wireless router (firmware 1.23) lets an authenticated attacker corrupt memory by sending an oversized selSSID parameter to the formWlSiteSurvey handler under /goform/, enabling denial of service and potentially arbitrary code execution on the device. Publicly available exploit code exists, but no public exploit identified at time of analysis as actively used in attacks (not in CISA KEV); the vendor was notified and did not respond, leaving devices unpatched. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Reach router web UI on LAN or exposed WAN
Delivery
Authenticate with valid or default credentials
Exploit
POST oversized selSSID to /goform/formWlSiteSurvey
Install
Trigger buffer overflow in formWlSiteSurvey
C2
Hijack httpd control flow as root
Execute
Install persistent backdoor on router
Impact
Intercept and redirect client network traffic

Vulnerability AssessmentAI

Exploitation Attacker must be able to reach the router's HTTP management interface (LAN-side by default, or WAN-side only if remote administration is enabled) and must possess valid web-UI credentials, since the CVSS vector specifies PR:L; exploitation does not require user interaction (UI:N) or unusual attack requirements (AT:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is moderate-to-elevated but bounded by deployment context. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained valid web-UI credentials - for example by guessing the default Edimax admin password on an internet-exposed router or by pivoting from a compromised LAN host - sends a crafted POST request to /goform/formWlSiteSurvey with an over-long selSSID value. The oversize copy corrupts memory in the httpd process and, leveraging the publicly disclosed exploit writeup hosted on Notion, can be steered toward arbitrary code execution as root on the router, granting persistent control of the gateway and the ability to intercept or redirect all client traffic.
Remediation No vendor-released patch identified at time of analysis - Edimax did not respond to the disclosure, so administrators must rely on compensating controls. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all Edimax BR-6478AC V2 devices; restrict router management interface access via network ACLs; disable remote management if enabled. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12806 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy