Skip to main content

Edimax BR-6428NS CVE-2026-9295

| EUVDEUVD-2026-31528 HIGH
Classic Buffer Overflow (CWE-120)
2026-05-23 VulDB GHSA-qc2w-vjr4-c222
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Re-analysis Queued
May 26, 2026 - 19:37 vuln.today
cvss_changed
CVSS changed
May 26, 2026 - 19:37 NVD
8.8 (HIGH) 7.4 (HIGH)
Analysis Generated
May 23, 2026 - 08:15 vuln.today

DescriptionCVE.org

A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Buffer overflow in the Edimax BR-6428NS 1.10 router's web management interface allows authenticated remote attackers to corrupt memory by submitting a crafted vapurl parameter to the formWirelessTbl POST handler at /goform/formWirelessTbl. Publicly available exploit code exists (released via VulDB and a Notion writeup), and the vendor has not responded to coordinated disclosure attempts. The flaw is not currently listed in CISA KEV, but the combination of public PoC, low attack complexity, and an unpatched/unresponsive vendor makes this a tangible risk for any exposed device.

Technical ContextAI

The Edimax BR-6428NS is a consumer-grade SOHO wireless router whose web administration interface is served by an embedded HTTP daemon (goform-based handlers, typical of Realtek/Edimax firmware). The vulnerable code path is the formWirelessTbl handler under /goform/, which processes wireless table updates from POST requests. The root cause is CWE-120 (Classic Buffer Overflow / Buffer Copy without Checking Size of Input): the vapurl POST parameter is copied into a fixed-size stack or BSS buffer without bounds validation, allowing oversized input to overwrite adjacent memory. On MIPS/ARM SOHO devices of this class, such overflows typically lead to control-flow hijack or device crash. The affected CPE is cpe:2.3:a:edimax:br-6428ns:*:*:*:*:*:*:*:* with version 1.10 explicitly named.

RemediationAI

No vendor-released patch identified at time of analysis - Edimax did not respond to the disclosure, and the BR-6428NS is a legacy/likely end-of-life device, so users should plan for hardware replacement with a currently supported router as the durable fix. As compensating controls until replacement, disable remote/WAN-side administration on the device (admin console should be reachable only from a trusted LAN segment), enforce a strong unique admin password to raise the bar against the PR:L precondition, and place the router's management interface behind a firewall rule blocking inbound TCP to the HTTP admin port from untrusted networks; the trade-off is loss of remote management convenience. Monitor the VulDB entry at https://vuldb.com/vuln/365242 for any updated vendor response, and segment the device away from sensitive internal networks since a compromised router enables pivoting, DNS tampering, and traffic interception.

Share

CVE-2026-9295 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy