Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack buffer overflow in the Edimax BR-6428NS 1.10 wireless router allows authenticated remote attackers to corrupt memory by sending an overlong pppUserName parameter to the /goform/formWanTcpipSetup endpoint. Publicly available exploit code exists, and the vendor failed to respond to the coordinated disclosure attempt, leaving devices without an official fix. With a CVSS of 8.8 and full CIA impact, successful exploitation can result in arbitrary code execution or device takeover on the embedded router.
Technical ContextAI
The Edimax BR-6428NS is a consumer-grade N150 wireless broadband router that exposes its administrative interface over HTTP through a series of 'goform' CGI handlers compiled into the embedded web server. The vulnerable function formWanTcpipSetup handles WAN configuration POST requests and copies the pppUserName argument into a fixed-size stack buffer without bounds validation, which matches the CWE-120 classic buffer copy without checking size of input. On MIPS/ARM-based SOHO routers like the BR-6428NS, such stack overflows typically overwrite the saved return address and can be leveraged for arbitrary code execution because the device firmware generally lacks modern mitigations such as ASLR, stack canaries, or non-executable stacks.
RemediationAI
No vendor-released patch identified at time of analysis, as the vendor did not respond to the disclosure reported by VulDB. Operators should immediately restrict access to the router's web administration interface by ensuring it is not exposed to the WAN (disable any 'Remote Management' or 'WAN Access' settings) and by placing the LAN-side admin interface behind firewall rules limiting it to trusted management hosts only, accepting the trade-off of needing console or physical access for configuration changes. Change any default or weak admin credentials to mitigate the PR:L precondition, and given the BR-6428NS is a legacy consumer router with no responsive vendor, the most defensible long-term action is to replace the device with a currently-supported model; consult the VulDB record at https://vuldb.com/vuln/365241 and the public exploit write-up at https://lavender-bicycle-a5a.notion.site/EDIMAX-BR-6428NS-formWanTcpipSetup-34b53a41781f80049b27db22e62fd8fd for indicator and detection details.
Stack buffer overflow in the Edimax BR-6428NS router (firmware 1.10) allows remote authenticated attackers to corrupt me
Stack buffer overflow in the Edimax BR-6428NS router firmware version 1.10 allows authenticated remote attackers to corr
Buffer overflow in the Edimax BR-6428NS 1.10 router's web management interface allows authenticated remote attackers to
Command injection in the Edimax BR-6428NS 1.10 wireless router's web management interface allows a remotely authenticate
Command injection in Edimax BR-6428NS firmware version 1.10 exposes the device's operating system to remote command exec
Command injection in Edimax BR-6428NS firmware v1.10 allows authenticated remote attackers to execute arbitrary system c
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31529
GHSA-w59p-45j6-4rch