Which versions of Edimax BR-6675nD are affected by CVE-2026-9403?

An unpatched vulnerability in Edimax BR-6675nD wireless routers (version 1.12) poses potential code execution risk to network infrastructure.

Is there a public PoC exploit available for CVE-2026-9403?

Yes, a public proof-of-concept exploit is available for CVE-2026-9403. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-9403?

Within 24 hours: Inventory all Edimax BR-6675nD devices running version 1.12 and document their role in network operations. Within 7 days: Implement access controls by restricting router management to internal-only networks, enforcing strong credentials, and disabling remote administration where feasible. Within 30 days: Initiate procurement of replacement routers from vendors with active security patch cycles and establish migration timeline within 90 days.

Edimax BR-6675nD CVE-2026-9403

Q: What is the CVSS score of CVE-2026-9403?

CVE-2026-9403 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31605 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-24 VulDB

GHSA-69c3-9259-5w7w

Buffer Overflow Br 6675Nd

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:50 vuln.today

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A vulnerability was determined in Edimax BR-6675nD 1.12. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack/heap buffer overflow in the Edimax BR-6675nD 1.12 wireless router allows authenticated remote attackers to corrupt memory by sending a crafted POST request with an oversized selSSID parameter to /goform/formWlSiteSurvey, potentially achieving code execution on the device. Publicly available exploit code exists (disclosed by VulDB), and the vendor was contacted early but did not respond, leaving the device without an official fix. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Reach router HTTP admin interface

Delivery

Authenticate with valid/default credentials

Exploit

Send POST to /goform/formWlSiteSurvey with oversized selSSID

Execution

Overflow fixed-size buffer in handler

Persist

Hijack control flow on embedded OS

Impact

Execute attacker code as web service user (typically root)