Which versions of Edimax BR-6428NS are affected by CVE-2026-9295?

Organizations operating Edimax BR-6428NS routers (firmware v1.10) face immediate risk from an unpatched buffer overflow vulnerability in the management interface where publicly available exploit code…

Is there a public PoC exploit available for CVE-2026-9295?

Yes, a public proof-of-concept exploit is available for CVE-2026-9295. Prioritise patching immediately. EPSS: 0.0%.

Edimax BR-6428NS CVE-2026-9295

Q: What is the CVSS score of CVE-2026-9295?

CVE-2026-9295 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31528 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-23 VulDB

GHSA-qc2w-vjr4-c222

Buffer Overflow

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

May 26, 2026 - 19:37 vuln.today

cvss_changed

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

May 23, 2026 - 08:15 vuln.today

DescriptionNVD

A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Buffer overflow in the Edimax BR-6428NS 1.10 router's web management interface allows authenticated remote attackers to corrupt memory by submitting a crafted vapurl parameter to the formWirelessTbl POST handler at /goform/formWirelessTbl. Publicly available exploit code exists (released via VulDB and a Notion writeup), and the vendor has not responded to coordinated disclosure attempts. …

RemediationAI

24 hours: Audit all Edimax BR-6428NS devices to confirm which run firmware version 1.10, then map instances facing network exposure or untrusted user access. 7 days: For v1.10 devices still in use, restrict management interface access via firewall ACLs to block internet-facing exposure, disable remote management features, and require VPN authentication for all administrative access. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-9295 vulnerability details – vuln.today

Back

Edimax BR-6428NS CVE-2026-9295

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Edimax BR-6428NS CVE-2026-9295

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code