Skip to main content

Edimax EW-7438RPn CVE-2026-9345

| EUVDEUVD-2026-31555 HIGH
Classic Buffer Overflow (CWE-120)
2026-05-24 VulDB GHSA-r23w-53vr-mr47
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Re-analysis Queued
May 26, 2026 - 19:37 vuln.today
cvss_changed
CVSS changed
May 26, 2026 - 19:37 NVD
8.8 (HIGH) 7.4 (HIGH)
Analysis Generated
May 24, 2026 - 01:45 vuln.today

DescriptionCVE.org

A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Performing a manipulation of the argument ssid/manualssid/ip/mask/gateway results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attackers to execute arbitrary code by sending malformed parameters to the device configuration interface. The vulnerability affects the formWizSurvey function in /goform/formWizSurvey when processing ssid, manualssid, ip, mask, or gateway parameters, with publicly available exploit code existing on GitHub.

Technical ContextAI

The Edimax EW-7438RPn is a WiFi range extender/repeater device. The vulnerability is a classic buffer overflow (CWE-120) in the web server component (webs) that handles device configuration. When the formWizSurvey function processes network configuration parameters during the setup wizard, it fails to properly validate input length before copying data to fixed-size buffers. The affected CPE identifier cpe:2.3:a:edimax:ew-7438rpn:*:*:*:*:*:*:*:* indicates all versions are potentially affected, though the description specifically mentions versions up to 1.31.

RemediationAI

No vendor-released patch identified at time of analysis. The vendor was contacted but did not respond to the disclosure. As immediate compensating controls, restrict network access to the device's web interface to trusted IP addresses only, ensure strong non-default credentials are configured, and consider placing the device behind a firewall that blocks external access to the management interface. Monitor for suspicious POST requests to /goform/formWizSurvey containing oversized parameter values. Consider replacing the device with a supported alternative if the vendor continues to be unresponsive.

CVE-2026-9346 HIGH POC
7.4 May 24

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attack

CVE-2026-9482 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privi

CVE-2026-9481 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at

CVE-2026-9480 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 Wi-Fi range extender allows remote attackers with low privileg

CVE-2026-9479 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows authenticated remote at

CVE-2026-9463 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender allows remote authenticated attackers to corrup

CVE-2026-9462 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender enables remote low-privileged attacker

CVE-2026-9461 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at

CVE-2026-9460 HIGH POC
7.4 May 25

Stack-based buffer overflow in Edimax EW-7438RPn 1.31 range extenders allows authenticated remote attackers to corrupt m

CVE-2026-9459 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi

CVE-2026-9427 HIGH POC
7.4 May 25

Stack-based buffer overflow in Edimax EW-7438RPn 1.31 wireless range extenders allows remote authenticated attackers to

CVE-2026-9426 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi

Share

CVE-2026-9345 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy