Which versions of Edimax EW-7438RPn are affected by CVE-2026-9360?

CVE-2026-9360 is a high-severity buffer overflow in Edimax EW-7438RPn Wi-Fi extenders (firmware 1.28a) that allows authenticated users to execute arbitrary code on affected devices.

Is there a public PoC exploit available for CVE-2026-9360?

Yes, a public proof-of-concept exploit is available for CVE-2026-9360. Prioritise patching immediately. EPSS: 0.0%.

Edimax EW-7438RPn CVE-2026-9360

Q: What is the CVSS score of CVE-2026-9360?

CVE-2026-9360 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31575 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-24 VulDB

GHSA-ffgh-x7gp-prmx

Buffer Overflow

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

May 26, 2026 - 19:37 vuln.today

cvss_changed

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

May 24, 2026 - 07:45 vuln.today

DescriptionNVD

A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The manipulation of the argument key1 results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Buffer overflow in Edimax EW-7438RPn Wi-Fi range extender firmware 1.28a enables authenticated remote attackers to execute arbitrary code via malformed POST requests to the wireless encryption configuration endpoint. The vulnerability requires low-privilege authentication and has publicly available exploit code. …

RemediationAI

Within 24 hours: inventory all Edimax EW-7438RPn devices in your environment and identify firmware versions; document network placement and connected systems. Within 7 days: isolate affected extenders to segregated networks or disable them pending vendor guidance; restrict administrative access to these devices to trusted personnel only; monitor for suspicious POST requests to wireless configuration endpoints. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-9360 vulnerability details – vuln.today

Back

Edimax EW-7438RPn CVE-2026-9360

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Edimax EW-7438RPn CVE-2026-9360

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code