Skip to main content

Edimax BR-6428nC CVE-2026-7683

| EUVDEUVD-2026-26821 LOW
Command Injection (CWE-77)
2026-05-03 VulDB
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Analysis Generated
May 03, 2026 - 07:40 vuln.today
Severity Changed
May 03, 2026 - 07:22 NVD
MEDIUM LOW
CVSS changed
May 03, 2026 - 07:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
PoC Detected
May 03, 2026 - 07:16 vuln.today
Public exploit code
EUVD ID Assigned
May 03, 2026 - 07:15 euvd
EUVD-2026-26821
Analysis Generated
May 03, 2026 - 07:15 vuln.today
CVE Published
May 03, 2026 - 06:30 nvd
LOW 2.1

DescriptionCVE.org

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Command injection in Edimax BR-6428nC router web interface through the /goform/setWAN endpoint allows authenticated remote attackers to execute arbitrary system commands via unsanitized pppUserName or pptpUserName parameters. Affected firmware versions up to 1.16 contain this vulnerability; publicly available exploit code exists. The vendor was contacted but did not respond, indicating no security fix is anticipated.

Technical ContextAI

The Edimax BR-6428nC is a wireless router whose web-based management interface processes WAN configuration parameters through the /goform/setWAN endpoint. The vulnerability stems from CWE-77 (Improper Neutralization of Special Elements used in a Command), where user-supplied input in the pppUserName and pptpUserName parameters is passed unsanitized to shell commands, likely during PPP or PPTP connection configuration. The web interface fails to properly escape or validate these parameters before using them in system-level operations, permitting command injection via shell metacharacters.

RemediationAI

No vendor-released patch is available; the manufacturer did not respond to disclosure. Immediate mitigations include: (1) Restrict access to the router's web interface via firewall rules, allowing only trusted management networks to reach ports 80/443; (2) Enforce strong, unique administrator credentials and change default passwords immediately; (3) Disable remote management features (disable WAN-side access to the web interface) if the router supports this configuration option; (4) Segment the router on a separate management network isolated from untrusted user traffic; (5) Monitor router logs for suspicious /goform/setWAN requests with special characters in parameters. If the router is critical and replacement is feasible, migrate to an alternative vendor with active security support. Each mitigation trades convenience for security-restricting access impacts remote troubleshooting, and disabling features reduces functionality.

Share

CVE-2026-7683 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy