Skip to main content

Edimax BR-6428NS CVE-2026-9297

| EUVDEUVD-2026-31532 LOW
Command Injection (CWE-77)
2026-05-23 VulDB GHSA-gxpf-66ch-99jw
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
May 26, 2026 - 19:37 NVD
MEDIUM LOW
CVSS changed
May 26, 2026 - 19:37 NVD
6.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
May 23, 2026 - 11:00 vuln.today

DescriptionCVE.org

A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Command injection in the Edimax BR-6428NS 1.10 wireless router's web management interface allows a remotely authenticated attacker to execute arbitrary OS commands by manipulating the repeaterSSID parameter in a POST request to /goform/formWlbasic. A publicly available proof-of-concept exploit exists, raising the practical risk above what the moderate CVSS score of 6.3 alone suggests. The vendor was notified prior to disclosure but did not respond, meaning no vendor-supplied patch exists at time of analysis.

Technical ContextAI

The Edimax BR-6428NS is a consumer-grade wireless router exposing a CGI-based web management interface. The vulnerable component is the formWlbasic handler, a server-side function responsible for processing wireless basic configuration, including repeater (WISP/WDS) settings. The repeaterSSID argument - the SSID value for the repeater association - is passed directly into a system-level command without adequate sanitization, satisfying CWE-77 (Improper Neutralization of Special Elements used in a Command). This class of flaw occurs when user-supplied input containing shell metacharacters (e.g., semicolons, backticks, pipe operators) is interpolated into a shell command string executed by the device's operating system. The CPE string cpe:2.3:a:edimax:br-6428ns:*:*:*:*:*:*:*:* uses a wildcard version field, indicating NVD has not bounded the affected range beyond the confirmed 1.10 firmware.

RemediationAI

No vendor-released patch has been identified at time of analysis - the vendor did not respond to pre-disclosure contact, and no Edimax security advisory exists. As the primary compensating control, administrators should immediately disable remote (WAN-side) management access to the router's web interface if it is exposed to the internet, preventing unauthenticated network reachability to the vulnerable endpoint; note this does not protect against attacks from the LAN. LAN-side access can be restricted by binding management access to a dedicated VLAN or management network segment accessible only to trusted hosts, reducing the pool of potential authenticated attackers. Changing default credentials to a strong, unique password raises the authentication barrier and limits opportunistic exploitation, though this does not eliminate the vulnerability. Network-level filtering of POST requests to /goform/formWlbasic at a perimeter firewall or IPS can block exploitation attempts where inline inspection is available. Consider replacing the device with a supported model if no firmware update is released, as an unpatched command injection on a network edge device represents persistent long-term risk.

Share

CVE-2026-9297 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy