Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Buffer overflow in the Edimax BR-6428NS 1.10 router's web management interface allows authenticated remote attackers to corrupt memory by submitting a crafted vapurl parameter to the formWirelessTbl POST handler at /goform/formWirelessTbl. Publicly available exploit code exists (released via VulDB and a Notion writeup), and the vendor has not responded to coordinated disclosure attempts. The flaw is not currently listed in CISA KEV, but the combination of public PoC, low attack complexity, and an unpatched/unresponsive vendor makes this a tangible risk for any exposed device.
Technical ContextAI
The Edimax BR-6428NS is a consumer-grade SOHO wireless router whose web administration interface is served by an embedded HTTP daemon (goform-based handlers, typical of Realtek/Edimax firmware). The vulnerable code path is the formWirelessTbl handler under /goform/, which processes wireless table updates from POST requests. The root cause is CWE-120 (Classic Buffer Overflow / Buffer Copy without Checking Size of Input): the vapurl POST parameter is copied into a fixed-size stack or BSS buffer without bounds validation, allowing oversized input to overwrite adjacent memory. On MIPS/ARM SOHO devices of this class, such overflows typically lead to control-flow hijack or device crash. The affected CPE is cpe:2.3:a:edimax:br-6428ns:*:*:*:*:*:*:*:* with version 1.10 explicitly named.
RemediationAI
No vendor-released patch identified at time of analysis - Edimax did not respond to the disclosure, and the BR-6428NS is a legacy/likely end-of-life device, so users should plan for hardware replacement with a currently supported router as the durable fix. As compensating controls until replacement, disable remote/WAN-side administration on the device (admin console should be reachable only from a trusted LAN segment), enforce a strong unique admin password to raise the bar against the PR:L precondition, and place the router's management interface behind a firewall rule blocking inbound TCP to the HTTP admin port from untrusted networks; the trade-off is loss of remote management convenience. Monitor the VulDB entry at https://vuldb.com/vuln/365242 for any updated vendor response, and segment the device away from sensitive internal networks since a compromised router enables pivoting, DNS tampering, and traffic interception.
Stack buffer overflow in the Edimax BR-6428NS router (firmware 1.10) allows remote authenticated attackers to corrupt me
Stack buffer overflow in the Edimax BR-6428NS router firmware version 1.10 allows authenticated remote attackers to corr
Stack buffer overflow in the Edimax BR-6428NS 1.10 wireless router allows authenticated remote attackers to corrupt memo
Command injection in the Edimax BR-6428NS 1.10 wireless router's web management interface allows a remotely authenticate
Command injection in Edimax BR-6428NS firmware version 1.10 exposes the device's operating system to remote command exec
Command injection in Edimax BR-6428NS firmware v1.10 allows authenticated remote attackers to execute arbitrary system c
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31528
GHSA-qc2w-vjr4-c222