Which versions of Edimax BR-6428NS are affected by CVE-2026-8775?

Edimax BR-6428NS routers running firmware 1.10 contain a memory corruption vulnerability (CVE-2026-8775) exploitable over the network; publicly available exploit code exists and no vendor patch has…

Is there a public PoC exploit available for CVE-2026-8775?

Yes, a public proof-of-concept exploit is available for CVE-2026-8775. Prioritise patching immediately. EPSS: 0.0%.

Edimax BR-6428NS CVE-2026-8775

Q: What is the CVSS score of CVE-2026-8775?

CVE-2026-8775 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-30721 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-18 VulDB

GHSA-72qw-jfp3-cf43

Buffer Overflow

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

May 18, 2026 - 02:29 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 18, 2026 - 02:22 vuln.today

cvss_changed

CVSS changed

May 18, 2026 - 02:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

May 18, 2026 - 01:43 vuln.today

DescriptionNVD

A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TPUserName causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack buffer overflow in the Edimax BR-6428NS router firmware version 1.10 allows authenticated remote attackers to corrupt memory by sending a crafted POST request to the formL2TPSetup handler with an oversized L2TPUserName parameter. Publicly available exploit code exists via a third-party Notion writeup, and the vendor was contacted but did not respond, leaving devices exposed without a coordinated fix. …

RemediationAI

24 hours: Inventory all Edimax BR-6428NS devices and confirm firmware version 1.10 status; identify internet-exposed instances and immediately disable remote management if not operationally critical. 7 days: Implement network segmentation to restrict affected routers to internal-only access with strong authentication controls; evaluate replacement router models and procurement timelines. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8775 vulnerability details – vuln.today

Back

Edimax BR-6428NS CVE-2026-8775

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Edimax BR-6428NS CVE-2026-8775

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code