Which versions of Edimax EW-7438RPn are affected by CVE-2026-9345?

Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 contain a high-severity buffer overflow vulnerability that allows authenticated attackers to execute arbitrary code on affected…

Is there a public PoC exploit available for CVE-2026-9345?

Yes, a public proof-of-concept exploit is available for CVE-2026-9345. Prioritise patching immediately. EPSS: 0.0%.

Edimax EW-7438RPn CVE-2026-9345

Q: What is the CVSS score of CVE-2026-9345?

CVE-2026-9345 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31555 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-24 VulDB

GHSA-r23w-53vr-mr47

Buffer Overflow

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

May 26, 2026 - 19:37 vuln.today

cvss_changed

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

May 24, 2026 - 01:45 vuln.today

DescriptionNVD

A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Performing a manipulation of the argument ssid/manualssid/ip/mask/gateway results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attackers to execute arbitrary code by sending malformed parameters to the device configuration interface. The vulnerability affects the formWizSurvey function in /goform/formWizSurvey when processing ssid, manualssid, ip, mask, or gateway parameters, with publicly available exploit code existing on GitHub.

RemediationAI

Within 24 hours: Inventory all Edimax EW-7438RPn devices in your environment and document current firmware versions. Within 7 days: Isolate affected devices (firmware ≤1.31) to segregated networks if possible, implement network access controls restricting configuration interface access to authorized administrators only, and monitor device logs for suspicious configuration parameter submissions. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-9345 vulnerability details – vuln.today

Back

Edimax EW-7438RPn CVE-2026-9345

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Edimax EW-7438RPn CVE-2026-9345

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code