Which versions of Edimax EW-7438RPn are affected by CVE-2026-9346?

Edimax EW-7438RPn WiFi range extenders running firmware version 1.31 and earlier contain a critical remote code execution vulnerability that allows authenticated attackers to execute arbitrary…

Is there a public PoC exploit available for CVE-2026-9346?

Yes, a public proof-of-concept exploit is available for CVE-2026-9346. Prioritise patching immediately. EPSS: 0.0%.

Edimax EW-7438RPn CVE-2026-9346

Q: What is the CVSS score of CVE-2026-9346?

CVE-2026-9346 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31559 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-24 VulDB

GHSA-w75f-j2p5-wgvr

Buffer Overflow

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

May 26, 2026 - 19:37 vuln.today

cvss_changed

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

May 24, 2026 - 01:45 vuln.today

DescriptionNVD

A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attackers to execute arbitrary code via crafted POST requests to the wireless table management interface. The vulnerability affects the formWirelessTbl function when processing the submit-url parameter, with publicly available exploit code on GitHub demonstrating the attack method.

RemediationAI

Within 24 hours: Inventory all Edimax EW-7438RPn devices and document current firmware versions; audit administrative account credentials for strength and exposure. Within 7 days: Disable remote management interfaces where operationally feasible; restrict administrative access to trusted networks only via firewall rules; consider temporarily isolating affected extenders from critical network segments. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-9346 vulnerability details – vuln.today

Back

Edimax EW-7438RPn CVE-2026-9346

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Edimax EW-7438RPn CVE-2026-9346

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code