EUVD-2026-31591
GHSA-rw38-jf8v-3hg8
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability was detected in Edimax BR-6675nD 1.12. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Buffer overflow in the Edimax BR-6675nD 1.12 wireless router allows remote attackers to corrupt memory by sending a malicious pppUserName parameter to the /goform/formPPPoESetup endpoint. Publicly available exploit code exists, raising the risk of opportunistic targeting despite a low EPSS score of 0.04%, and the vendor has not responded to coordinated disclosure attempts.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the BR-6675nD's HTTP management interface (typically TCP/80 on the LAN, or WAN if remote administration is enabled) and low-privileged authenticated access to the admin panel as indicated by CVSS PR:L, since the /goform/formPPPoESetup endpoint sits behind the router's login. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H scores 7.4 and indicates network-reachable, low-complexity exploitation, but requires low privileges (PR:L) - meaning an authenticated session on the web admin interface is needed, which is consistent with the /goform/formPPPoESetup endpoint typically being behind admin authentication. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker on the LAN - or on the internet if remote admin is enabled - who has obtained admin credentials (default, brute-forced, or phished) sends a crafted POST request to /goform/formPPPoESetup with an oversized pppUserName field, triggering the stack buffer overflow. Using the publicly available PoC documented on notion.site, the attacker may crash the router (denial of service) or, if a working ROP chain against the device's MIPS/ARM firmware is developed, achieve code execution as the web server process to pivot into the internal network. |
| Remediation | No vendor-released patch identified at time of analysis - the vendor was contacted early about this disclosure but did not respond. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Conduct full inventory of Edimax BR-6675nD routers via asset management system; restrict administrative access to these devices to authorized personnel only and relocate management access to an isolated network segment. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today