Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanSSID/wlanChan/comd/initgain/txcck/txofdm leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Command injection in Edimax EW-7438RPn 1.28a allows authenticated remote attackers to execute arbitrary system commands via crafted POST parameters to the /goform/formHwSet endpoint. The vulnerability affects the formHwSet function's handling of multiple configuration parameters including Antenna, Mcs, regDomain, MAC addresses, SSID, and channel settings. Public exploit code exists (CVSS E:P), significantly lowering the barrier to exploitation, though CISA KEV does not list active widespread exploitation at time of analysis.
Technical ContextAI
This is an OS command injection vulnerability (CWE-77) in the web management interface of the Edimax EW-7438RPn wireless range extender firmware version 1.28a. The formHwSet function in the POST request handler at /goform/formHwSet fails to properly sanitize user-supplied input across multiple configuration parameters before passing them to system command execution contexts. The vulnerable parameters span critical device configuration fields: Antenna settings, Mcs (modulation and coding scheme), regulatory domain, multiple network interface MAC addresses (nic0Addr, nic1Addr, wlanAddr, wanAddr), wireless SSID, channel selection, and low-level radio parameters (initgain, txcck, txofdm, comd). This suggests inadequate input validation in the device's embedded Linux firmware configuration subsystem, allowing attackers to inject shell metacharacters or command separators that break out of intended parameter contexts and execute arbitrary commands with the privileges of the web server process, typically root on embedded devices.
RemediationAI
No vendor-released patch identified at time of analysis - Edimax did not respond to vulnerability disclosure. Immediate compensating controls: Disable remote management access to the web interface and restrict administrative access to trusted local network segments only, accepting that configuration changes require physical network presence. Change default administrative credentials immediately to complex unique passwords, as authentication is the primary barrier to exploitation. If remote management is required, implement network-level access controls (firewall rules permitting only specific source IPs, VPN-only access) and deploy intrusion detection monitoring for POST requests to /goform/formHwSet with unusual parameter patterns. Consider replacing the device with actively supported hardware from vendors with established security response programs, as the complete vendor non-responsiveness indicates likely abandonment. Monitor https://vuldb.com/vuln/365322 and vendor channels for any future patches, though none are anticipated given current vendor silence.
More in Ew 7438Rpn
View allBuffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attack
Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attac
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privi
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 Wi-Fi range extender allows remote attackers with low privileg
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows authenticated remote at
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender allows remote authenticated attackers to corrup
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender enables remote low-privileged attacker
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at
Stack-based buffer overflow in Edimax EW-7438RPn 1.31 range extenders allows authenticated remote attackers to corrupt m
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi
Stack-based buffer overflow in Edimax EW-7438RPn 1.31 wireless range extenders allows remote authenticated attackers to
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31570
GHSA-6wph-6rqf-chq4