Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Command injection in Edimax BR-6428nC router web interface through the /goform/setWAN endpoint allows authenticated remote attackers to execute arbitrary system commands via unsanitized pppUserName or pptpUserName parameters. Affected firmware versions up to 1.16 contain this vulnerability; publicly available exploit code exists. The vendor was contacted but did not respond, indicating no security fix is anticipated.
Technical ContextAI
The Edimax BR-6428nC is a wireless router whose web-based management interface processes WAN configuration parameters through the /goform/setWAN endpoint. The vulnerability stems from CWE-77 (Improper Neutralization of Special Elements used in a Command), where user-supplied input in the pppUserName and pptpUserName parameters is passed unsanitized to shell commands, likely during PPP or PPTP connection configuration. The web interface fails to properly escape or validate these parameters before using them in system-level operations, permitting command injection via shell metacharacters.
RemediationAI
No vendor-released patch is available; the manufacturer did not respond to disclosure. Immediate mitigations include: (1) Restrict access to the router's web interface via firewall rules, allowing only trusted management networks to reach ports 80/443; (2) Enforce strong, unique administrator credentials and change default passwords immediately; (3) Disable remote management features (disable WAN-side access to the web interface) if the router supports this configuration option; (4) Segment the router on a separate management network isolated from untrusted user traffic; (5) Monitor router logs for suspicious /goform/setWAN requests with special characters in parameters. If the router is critical and replacement is feasible, migrate to an alternative vendor with active security support. Each mitigation trades convenience for security-restricting access impacts remote troubleshooting, and disabling features reduces functionality.
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26821