Skip to main content

Edimax BR-6428NS CVE-2026-8776

| EUVDEUVD-2026-30720 HIGH
Classic Buffer Overflow (CWE-120)
2026-05-18 VulDB GHSA-cc9m-6hq9-85vh
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Updated
May 18, 2026 - 02:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 18, 2026 - 02:22 vuln.today
cvss_changed
CVSS changed
May 18, 2026 - 02:22 NVD
8.8 (HIGH) 7.4 (HIGH)
Analysis Generated
May 18, 2026 - 01:43 vuln.today

DescriptionCVE.org

A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulation of the argument pptpUserName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack buffer overflow in the Edimax BR-6428NS router (firmware 1.10) allows remote authenticated attackers to corrupt memory by sending an overlong pptpUserName parameter to the /goform/formPPTPSetup endpoint. Publicly available exploit code exists per VulDB disclosure, and no public exploit identified at time of analysis in CISA KEV. The vendor was reportedly contacted prior to disclosure but did not respond, leaving the device line without a confirmed fix.

Technical ContextAI

The vulnerability resides in the formPPTPSetup handler inside the device's embedded web management interface (/goform/ is the typical Boa/GoAhead-style CGI binding used by many SOHO routers, including Edimax models). The root cause is CWE-120 (Classic Buffer Overflow / Buffer Copy without Checking Size of Input): the handler copies the user-supplied pptpUserName POST argument into a fixed-size stack buffer without bounds checking. Because embedded MIPS/ARM router firmware of this generation rarely enables stack canaries, ASLR, or non-executable stacks consistently, a stack overflow in a long-running httpd process can frequently be steered toward control-flow hijacking or, at minimum, a denial of service of the management plane. The affected CPE is cpe:2.3:a:edimax:br-6428ns covering firmware 1.10.

RemediationAI

No vendor-released patch identified at time of analysis, as Edimax did not respond to the coordinated disclosure attempt. Owners should treat the device as end-of-support for security purposes and consider replacement with a currently-maintained router. As compensating controls, restrict access to the web management interface (typically TCP/80 and TCP/443) to a trusted management VLAN or specific admin IPs via firewall ACLs - this trades off remote administration convenience for safety; ensure remote/WAN-side administration is fully disabled (side effect: admins must be on-LAN or VPN'd in to manage the device); change default admin credentials and rotate them, since exploitation requires PR:L authentication so strong credentials meaningfully raise the bar; if the PPTP VPN feature is not in use, do not configure it via the affected form (note that this does not remove the vulnerable code path, only reduces operational reasons to touch it). Monitor VulDB entry https://vuldb.com/vuln/364401 for any future vendor response.

Share

CVE-2026-8776 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy