Skip to main content

Edimax EW-7438RPn CVE-2026-9343

| EUVDEUVD-2026-31553 LOW
OS Command Injection (CWE-78)
2026-05-23 VulDB GHSA-5fv5-xxvr-vx32
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
May 26, 2026 - 19:37 NVD
MEDIUM LOW
CVSS changed
May 26, 2026 - 19:37 NVD
6.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
May 23, 2026 - 23:30 vuln.today

DescriptionCVE.org

A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argument pinCode causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

OS command injection in Edimax EW-7438RPn firmware (versions up to 1.31) allows authenticated remote attackers to execute arbitrary system commands via the pinCode parameter in the formWpsStart function. Public exploit code is available on GitHub, enabling low-complexity attacks against the WPS configuration interface. The vendor has not responded to vulnerability disclosure, leaving no official patch available. EPSS data not provided, but public POC availability significantly increases exploitation risk for internet-exposed devices with weak admin credentials.

Technical ContextAI

This vulnerability affects the WPS (Wi-Fi Protected Setup) configuration functionality in Edimax EW-7438RPn wireless range extenders running firmware 1.31 and earlier. The flaw resides in the formWpsStart function within the /goform/formWpsStart endpoint of the webs web server component. The vulnerability is a classic CWE-78 OS command injection, where user-supplied input to the pinCode parameter is passed to system shell commands without proper sanitization or validation. This allows an authenticated attacker to break out of the intended command context by injecting shell metacharacters and execute arbitrary operating system commands with the privileges of the web server process, likely running as root or an elevated user on embedded firmware.

RemediationAI

No vendor-released patch exists at time of analysis - Edimax did not respond to vulnerability disclosure per VulDB reports. Recommended compensating controls with trade-offs: (1) Disable remote web management access and restrict administrative interface to local network only via firewall rules, which prevents remote exploitation but may complicate remote device management; (2) Change default administrative credentials to strong unique passwords immediately (minimum 16 characters, complexity), reducing attack surface from credential-based attacks but not eliminating the vulnerability for already-authenticated sessions; (3) Disable WPS functionality entirely if not operationally required, as the vulnerable formWpsStart endpoint is part of WPS configuration - this eliminates the attack vector but removes WPS convenience features; (4) Place affected devices behind network segmentation or VLANs with strict access controls to limit blast radius if compromised; (5) Monitor device logs and network traffic for suspicious POST requests to /goform/formWpsStart with anomalous pinCode parameters; (6) For high-security environments, replace devices with alternative vendor products that maintain active security response programs. Exploit details available at https://github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_1/1.md for defensive analysis. Additional context at https://vuldb.com/vuln/365306.

CVE-2026-9346 HIGH POC
7.4 May 24

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attack

CVE-2026-9345 HIGH POC
7.4 May 24

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attac

CVE-2026-9482 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privi

CVE-2026-9481 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at

CVE-2026-9480 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 Wi-Fi range extender allows remote attackers with low privileg

CVE-2026-9479 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows authenticated remote at

CVE-2026-9463 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender allows remote authenticated attackers to corrup

CVE-2026-9462 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender enables remote low-privileged attacker

CVE-2026-9461 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at

CVE-2026-9460 HIGH POC
7.4 May 25

Stack-based buffer overflow in Edimax EW-7438RPn 1.31 range extenders allows authenticated remote attackers to corrupt m

CVE-2026-9459 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi

CVE-2026-9427 HIGH POC
7.4 May 25

Stack-based buffer overflow in Edimax EW-7438RPn 1.31 wireless range extenders allows remote authenticated attackers to

Share

CVE-2026-9343 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy