Skip to main content

Edimax EW-7438RPn CVE-2026-9359

| EUVDEUVD-2026-31570 LOW
Command Injection (CWE-77)
2026-05-24 VulDB GHSA-6wph-6rqf-chq4
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
May 26, 2026 - 19:37 NVD
MEDIUM LOW
CVSS changed
May 26, 2026 - 19:37 NVD
6.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
May 24, 2026 - 06:46 vuln.today

DescriptionCVE.org

A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanSSID/wlanChan/comd/initgain/txcck/txofdm leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Command injection in Edimax EW-7438RPn 1.28a allows authenticated remote attackers to execute arbitrary system commands via crafted POST parameters to the /goform/formHwSet endpoint. The vulnerability affects the formHwSet function's handling of multiple configuration parameters including Antenna, Mcs, regDomain, MAC addresses, SSID, and channel settings. Public exploit code exists (CVSS E:P), significantly lowering the barrier to exploitation, though CISA KEV does not list active widespread exploitation at time of analysis.

Technical ContextAI

This is an OS command injection vulnerability (CWE-77) in the web management interface of the Edimax EW-7438RPn wireless range extender firmware version 1.28a. The formHwSet function in the POST request handler at /goform/formHwSet fails to properly sanitize user-supplied input across multiple configuration parameters before passing them to system command execution contexts. The vulnerable parameters span critical device configuration fields: Antenna settings, Mcs (modulation and coding scheme), regulatory domain, multiple network interface MAC addresses (nic0Addr, nic1Addr, wlanAddr, wanAddr), wireless SSID, channel selection, and low-level radio parameters (initgain, txcck, txofdm, comd). This suggests inadequate input validation in the device's embedded Linux firmware configuration subsystem, allowing attackers to inject shell metacharacters or command separators that break out of intended parameter contexts and execute arbitrary commands with the privileges of the web server process, typically root on embedded devices.

RemediationAI

No vendor-released patch identified at time of analysis - Edimax did not respond to vulnerability disclosure. Immediate compensating controls: Disable remote management access to the web interface and restrict administrative access to trusted local network segments only, accepting that configuration changes require physical network presence. Change default administrative credentials immediately to complex unique passwords, as authentication is the primary barrier to exploitation. If remote management is required, implement network-level access controls (firewall rules permitting only specific source IPs, VPN-only access) and deploy intrusion detection monitoring for POST requests to /goform/formHwSet with unusual parameter patterns. Consider replacing the device with actively supported hardware from vendors with established security response programs, as the complete vendor non-responsiveness indicates likely abandonment. Monitor https://vuldb.com/vuln/365322 and vendor channels for any future patches, though none are anticipated given current vendor silence.

CVE-2026-9346 HIGH POC
7.4 May 24

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attack

CVE-2026-9345 HIGH POC
7.4 May 24

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attac

CVE-2026-9482 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privi

CVE-2026-9481 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at

CVE-2026-9480 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 Wi-Fi range extender allows remote attackers with low privileg

CVE-2026-9479 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows authenticated remote at

CVE-2026-9463 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender allows remote authenticated attackers to corrup

CVE-2026-9462 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender enables remote low-privileged attacker

CVE-2026-9461 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at

CVE-2026-9460 HIGH POC
7.4 May 25

Stack-based buffer overflow in Edimax EW-7438RPn 1.31 range extenders allows authenticated remote attackers to corrupt m

CVE-2026-9459 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi

CVE-2026-9427 HIGH POC
7.4 May 25

Stack-based buffer overflow in Edimax EW-7438RPn 1.31 wireless range extenders allows remote authenticated attackers to

Share

CVE-2026-9359 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy