Which versions of Edimax BR-6478AC are affected by CVE-2026-9442?

Edimax BR-6478AC wireless router version 1.23 contains a stack overflow vulnerability (CVE-2026-9442, CVSS 7.4) affecting the web management interface that allows authenticated administrators to…

Is there a public PoC exploit available for CVE-2026-9442?

Yes, a public proof-of-concept exploit is available for CVE-2026-9442. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-9442?

Within 24 hours: Scan for and inventory all Edimax BR-6478AC v1.23 units in production; disable remote management access from untrusted networks and restrict local admin interface access to whitelisted IP addresses. Within 7 days: Implement firewall rules blocking unauthorized access to /goform/formiNICSiteSurvey endpoint; establish monitoring for failed administrative authentication attempts and memory corruption errors in router logs. Within 30 days: Identify alternative router models with current security updates and develop replacement timeline, or monitor Edimax vendor advisories (https://www.edimax.com/) for CVE-2026-9442 patch availability.

Edimax BR-6478AC CVE-2026-9442

Q: What is the CVSS score of CVE-2026-9442?

CVE-2026-9442 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31653 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-25 VulDB

GHSA-vrwj-7pfm-fv87

Buffer Overflow Br 6478Ac

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:51 vuln.today

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack/buffer overflow in the Edimax BR-6478AC 1.23 wireless router's web management interface allows authenticated remote attackers to corrupt memory by submitting an oversized selSSID parameter to /goform/formiNICSiteSurvey, with publicly available exploit code exists and no vendor response to coordinated disclosure. The flaw affects the formiNICSiteSurvey POST request handler and yields high impact on confidentiality, integrity, and availability of the device. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Identify exposed BR-6478AC admin UI

Delivery

Obtain low-priv web credentials

Exploit

POST crafted selSSID to /goform/formiNICSiteSurvey

Execution

Overflow stack buffer in handler

Persist

Hijack control flow on router

Impact

Execute code or persist on device