Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulation of the argument pptpUserName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack buffer overflow in the Edimax BR-6428NS router (firmware 1.10) allows remote authenticated attackers to corrupt memory by sending an overlong pptpUserName parameter to the /goform/formPPTPSetup endpoint. Publicly available exploit code exists per VulDB disclosure, and no public exploit identified at time of analysis in CISA KEV. The vendor was reportedly contacted prior to disclosure but did not respond, leaving the device line without a confirmed fix.
Technical ContextAI
The vulnerability resides in the formPPTPSetup handler inside the device's embedded web management interface (/goform/ is the typical Boa/GoAhead-style CGI binding used by many SOHO routers, including Edimax models). The root cause is CWE-120 (Classic Buffer Overflow / Buffer Copy without Checking Size of Input): the handler copies the user-supplied pptpUserName POST argument into a fixed-size stack buffer without bounds checking. Because embedded MIPS/ARM router firmware of this generation rarely enables stack canaries, ASLR, or non-executable stacks consistently, a stack overflow in a long-running httpd process can frequently be steered toward control-flow hijacking or, at minimum, a denial of service of the management plane. The affected CPE is cpe:2.3:a:edimax:br-6428ns covering firmware 1.10.
RemediationAI
No vendor-released patch identified at time of analysis, as Edimax did not respond to the coordinated disclosure attempt. Owners should treat the device as end-of-support for security purposes and consider replacement with a currently-maintained router. As compensating controls, restrict access to the web management interface (typically TCP/80 and TCP/443) to a trusted management VLAN or specific admin IPs via firewall ACLs - this trades off remote administration convenience for safety; ensure remote/WAN-side administration is fully disabled (side effect: admins must be on-LAN or VPN'd in to manage the device); change default admin credentials and rotate them, since exploitation requires PR:L authentication so strong credentials meaningfully raise the bar; if the PPTP VPN feature is not in use, do not configure it via the affected form (note that this does not remove the vulnerable code path, only reduces operational reasons to touch it). Monitor VulDB entry https://vuldb.com/vuln/364401 for any future vendor response.
Stack buffer overflow in the Edimax BR-6428NS router firmware version 1.10 allows authenticated remote attackers to corr
Buffer overflow in the Edimax BR-6428NS 1.10 router's web management interface allows authenticated remote attackers to
Stack buffer overflow in the Edimax BR-6428NS 1.10 wireless router allows authenticated remote attackers to corrupt memo
Command injection in the Edimax BR-6428NS 1.10 wireless router's web management interface allows a remotely authenticate
Command injection in Edimax BR-6428NS firmware version 1.10 exposes the device's operating system to remote command exec
Command injection in Edimax BR-6428NS firmware v1.10 allows authenticated remote attackers to execute arbitrary system c
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30720
GHSA-cc9m-6hq9-85vh