Skip to main content

Edimax EW-7438RPn CVE-2026-9346

| EUVDEUVD-2026-31559 HIGH
Classic Buffer Overflow (CWE-120)
2026-05-24 VulDB GHSA-w75f-j2p5-wgvr
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Re-analysis Queued
May 26, 2026 - 19:37 vuln.today
cvss_changed
CVSS changed
May 26, 2026 - 19:37 NVD
8.8 (HIGH) 7.4 (HIGH)
Analysis Generated
May 24, 2026 - 01:45 vuln.today

DescriptionCVE.org

A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attackers to execute arbitrary code via crafted POST requests to the wireless table management interface. The vulnerability affects the formWirelessTbl function when processing the submit-url parameter, with publicly available exploit code on GitHub demonstrating the attack method.

Technical ContextAI

The Edimax EW-7438RPn is a WiFi range extender/repeater device. The vulnerability resides in the embedded web server component (webs) that handles device configuration through a web interface. The formWirelessTbl function at the /goform/formWirelessTbl endpoint processes wireless configuration table data without proper bounds checking on the submit-url parameter. This is a classic buffer overflow (CWE-120) where user-supplied data exceeds allocated memory boundaries, potentially overwriting adjacent memory regions including the execution stack.

RemediationAI

No vendor-released patch identified at time of analysis. The vendor was contacted but did not respond to the vulnerability disclosure. As immediate mitigation, restrict access to the device's web management interface by implementing strict firewall rules to allow only trusted IP addresses, disable remote management features if not required, and ensure strong administrative credentials are in use. Consider replacing the device with an alternative product if these mitigations are insufficient for your risk tolerance. Monitor the vendor's support page for any future firmware updates addressing this issue.

CVE-2026-9345 HIGH POC
7.4 May 24

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attac

CVE-2026-9482 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privi

CVE-2026-9481 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at

CVE-2026-9480 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 Wi-Fi range extender allows remote attackers with low privileg

CVE-2026-9479 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows authenticated remote at

CVE-2026-9463 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender allows remote authenticated attackers to corrup

CVE-2026-9462 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender enables remote low-privileged attacker

CVE-2026-9461 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at

CVE-2026-9460 HIGH POC
7.4 May 25

Stack-based buffer overflow in Edimax EW-7438RPn 1.31 range extenders allows authenticated remote attackers to corrupt m

CVE-2026-9459 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi

CVE-2026-9427 HIGH POC
7.4 May 25

Stack-based buffer overflow in Edimax EW-7438RPn 1.31 wireless range extenders allows remote authenticated attackers to

CVE-2026-9426 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi

Share

CVE-2026-9346 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy