Which versions of Edimax EW-7438RPn are affected by CVE-2026-9426?

The Edimax EW-7438RPn wireless range extender (version 1.31) contains a remote code execution vulnerability for which publicly available exploit code exists.

Is there a public PoC exploit available for CVE-2026-9426?

Yes, a public proof-of-concept exploit is available for CVE-2026-9426. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-9426?

Within 24 hours: Audit network inventory to identify all Edimax EW-7438RPn v1.31 units and map their business criticality and network location. Within 7 days: Implement network segmentation (VLAN/firewall rules) to restrict device access to trusted sources only, and evaluate the feasibility of replacement with alternative equipment from vendors with active security support. Within 30 days: Complete either device replacement or finalize long-term mitigation controls; ensure all affected units are documented in a monitored inventory.

Edimax EW-7438RPn CVE-2026-9426

Q: What is the CVSS score of CVE-2026-9426?

CVE-2026-9426 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31632 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-25 VulDB

GHSA-gw85-4wrc-rp3f

Stack Overflow Buffer Overflow Ew 7438Rpn

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:50 vuln.today

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A vulnerability was detected in Edimax EW-7438RPn 1.31. This affects the function formHwSet of the file /goform/formHwSet. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanSSID/wlanChan/initgain/txcck/txofdm/submit-url results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privileges to corrupt memory and likely achieve code execution by manipulating multiple parameters (Anntena, Mcs, regDomain, nic0Addr/nic1Addr/wlanAddr/wanAddr, wlanSSID, wlanChan, initgain, txcck, txofdm, submit-url) sent to the formHwSet handler at /goform/formHwSet. Publicly available exploit code exists on GitHub, but EPSS rates real-world exploitation probability at only 0.04% (13th percentile) and the issue is not in CISA KEV. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Reach extender web UI on LAN

Delivery

Authenticate with low-priv/default credentials

Exploit

POST oversized parameter to /goform/formHwSet

Install

Overflow stack buffer in formHwSet

Hijack saved return address

Execute

Execute shellcode as root

Impact

Pivot or persist on local network