Which versions of Edimax EW-7438RPn are affected by CVE-2026-9344?

Edimax EW-7438RPn WiFi range extenders (firmware ≤1.31) contain a stack-based buffer overflow in the WPS configuration interface that allows authenticated attackers to crash devices or execute…

Is there a public PoC exploit available for CVE-2026-9344?

Yes, a public proof-of-concept exploit is available for CVE-2026-9344. Prioritise patching immediately. EPSS: 0.0%.

Edimax EW-7438RPn CVE-2026-9344

Q: What is the CVSS score of CVE-2026-9344?

CVE-2026-9344 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31556 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-24 VulDB

GHSA-ccvm-7xq8-8rx8

Buffer Overflow Stack Overflow

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

May 26, 2026 - 19:37 vuln.today

cvss_changed

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

May 24, 2026 - 00:41 vuln.today

DescriptionNVD

A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of the argument pinCode/wlan-url leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 allows authenticated remote attackers to crash or execute code on the device by sending malicious input to the WPS configuration interface. The vulnerability occurs when processing the pinCode or wlan-url parameters in /goform/formWpsStart, with publicly available exploit code on GitHub demonstrating the attack.

RemediationAI

Within 24 hours: Identify all Edimax EW-7438RPn devices in production and document firmware versions via administrative access. Within 7 days: Isolate affected devices from trusted networks or disable remote WPS configuration via administrative settings if firmware update is not available; contact Edimax support for patch timeline. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-9344 vulnerability details – vuln.today

Back

Edimax EW-7438RPn CVE-2026-9344

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Edimax EW-7438RPn CVE-2026-9344

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code