Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argument pinCode causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
OS command injection in Edimax EW-7438RPn firmware (versions up to 1.31) allows authenticated remote attackers to execute arbitrary system commands via the pinCode parameter in the formWpsStart function. Public exploit code is available on GitHub, enabling low-complexity attacks against the WPS configuration interface. The vendor has not responded to vulnerability disclosure, leaving no official patch available. EPSS data not provided, but public POC availability significantly increases exploitation risk for internet-exposed devices with weak admin credentials.
Technical ContextAI
This vulnerability affects the WPS (Wi-Fi Protected Setup) configuration functionality in Edimax EW-7438RPn wireless range extenders running firmware 1.31 and earlier. The flaw resides in the formWpsStart function within the /goform/formWpsStart endpoint of the webs web server component. The vulnerability is a classic CWE-78 OS command injection, where user-supplied input to the pinCode parameter is passed to system shell commands without proper sanitization or validation. This allows an authenticated attacker to break out of the intended command context by injecting shell metacharacters and execute arbitrary operating system commands with the privileges of the web server process, likely running as root or an elevated user on embedded firmware.
RemediationAI
No vendor-released patch exists at time of analysis - Edimax did not respond to vulnerability disclosure per VulDB reports. Recommended compensating controls with trade-offs: (1) Disable remote web management access and restrict administrative interface to local network only via firewall rules, which prevents remote exploitation but may complicate remote device management; (2) Change default administrative credentials to strong unique passwords immediately (minimum 16 characters, complexity), reducing attack surface from credential-based attacks but not eliminating the vulnerability for already-authenticated sessions; (3) Disable WPS functionality entirely if not operationally required, as the vulnerable formWpsStart endpoint is part of WPS configuration - this eliminates the attack vector but removes WPS convenience features; (4) Place affected devices behind network segmentation or VLANs with strict access controls to limit blast radius if compromised; (5) Monitor device logs and network traffic for suspicious POST requests to /goform/formWpsStart with anomalous pinCode parameters; (6) For high-security environments, replace devices with alternative vendor products that maintain active security response programs. Exploit details available at https://github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_1/1.md for defensive analysis. Additional context at https://vuldb.com/vuln/365306.
More in Ew 7438Rpn
View allBuffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attack
Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attac
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privi
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 Wi-Fi range extender allows remote attackers with low privileg
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows authenticated remote at
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender allows remote authenticated attackers to corrup
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender enables remote low-privileged attacker
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at
Stack-based buffer overflow in Edimax EW-7438RPn 1.31 range extenders allows authenticated remote attackers to corrupt m
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi
Stack-based buffer overflow in Edimax EW-7438RPn 1.31 wireless range extenders allows remote authenticated attackers to
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31553
GHSA-5fv5-xxvr-vx32