Skip to main content

Edimax BR-6208AC CVE-2026-7685

| EUVDEUVD-2026-26823 HIGH
Classic Buffer Overflow (CWE-120)
2026-05-03 VulDB
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Generated
May 03, 2026 - 07:40 vuln.today
CVSS changed
May 03, 2026 - 07:22 NVD
8.8 (HIGH) 7.4 (HIGH)
PoC Detected
May 03, 2026 - 07:16 vuln.today
Public exploit code
EUVD ID Assigned
May 03, 2026 - 07:15 euvd
EUVD-2026-26823
Analysis Generated
May 03, 2026 - 07:15 vuln.today
CVE Published
May 03, 2026 - 07:00 nvd
HIGH 7.4

DescriptionCVE.org

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway  results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Buffer overflow in Edimax BR-6208AC router firmware version 1.02 allows authenticated remote attackers to achieve complete system compromise via crafted pptpDfGateway parameter to /goform/setWAN endpoint. Public exploit code exists (EPSS probability unknown, not in CISA KEV). The vendor was notified but did not respond, leaving users without official remediation guidance. Attack requires only low-privilege authentication (PR:L) with network access and low complexity (AC:L), making this readily exploitable against internet-exposed management interfaces.

Technical ContextAI

This is a classic stack-based buffer overflow (CWE-120) in the web management interface of an Edimax consumer-grade router. The vulnerable endpoint /goform/setWAN handles WAN configuration, specifically PPTP gateway settings. When processing the pptpDfGateway parameter, insufficient bounds checking allows an attacker to write beyond allocated buffer space. The CVSS 4.0 vector indicates complete compromise of confidentiality, integrity, and availability (VC:H/VI:H/VA:H) with no cross-scope impact (SC:N/SI:N/SA:N), meaning attackers gain full control of the router itself. The CPE string identifies firmware version 1.02 and below as vulnerable, though the exact version range endpoint is not confirmed. Buffer overflows in embedded device web interfaces typically result from unsafe C string functions (strcpy, sprintf) processing user input without length validation.

RemediationAI

No vendor-released patch exists for this vulnerability as Edimax did not respond to responsible disclosure. Users must implement compensating controls immediately. PRIMARY MITIGATION: Disable remote administration access to the router's web interface from the WAN side - this blocks internet-based exploitation but allows internal network attacks to proceed. Access the router admin panel, navigate to remote management settings, and ensure 'Allow Remote Management' or equivalent is disabled. SECONDARY MITIGATION: Change default administrative credentials to strong unique passwords (20+ characters, random) to raise the authentication bar, though this only delays exploitation via credential attacks. NETWORK ISOLATION: Place the router behind a firewall or gateway device that blocks external access to ports 80/443/8080 targeting the router's management IP, though this requires additional hardware. REPLACEMENT: Consider migrating to actively supported router hardware from vendors with established security response programs, as Edimax's silence indicates lack of ongoing security maintenance. For critical environments, replacement is the only durable solution. MONITORING: Log all administrative access attempts and enable alerts for failed authentication or configuration changes to the WAN settings as detection mechanism, though this provides no prevention. Each mitigation has trade-offs: disabling remote admin breaks legitimate remote management use cases, strong passwords add operational friction, network isolation requires additional hardware/complexity, and replacement incurs capital expense.

Share

CVE-2026-7685 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy