Which versions of Edimax EW-7438RPn are affected by CVE-2026-9459?

Edimax EW-7438RPn wireless range extenders (firmware 1.31) are vulnerable to remote exploitation that could disrupt device operation, intercept network traffic, or enable attacker access to the…

Is there a public PoC exploit available for CVE-2026-9459?

Yes, a public proof-of-concept exploit is available for CVE-2026-9459. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-9459?

Within 24 hours: inventory all Edimax EW-7438RPn devices on network and document those with internet accessibility. Within 7 days: implement network segmentation to isolate affected devices, block internet egress, or restrict access to the /goform/formConnectionSetting endpoint via firewall rules. Within 30 days: complete migration to patched wireless range extender models.

Edimax EW-7438RPn CVE-2026-9459

Q: What is the CVSS score of CVE-2026-9459?

CVE-2026-9459 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31675 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-25 VulDB

GHSA-hwrg-8cjq-3gj6

Stack Overflow Buffer Overflow Ew 7438Rpn

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:48 vuln.today

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument max_Conn/timeOut results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privileges to corrupt memory by sending crafted max_Conn or timeOut parameters to /goform/formConnectionSetting. Publicly available exploit code exists, and the vendor did not respond to coordinated disclosure, leaving deployed devices unpatched. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Reach device web UI on LAN

Delivery

Authenticate with low-privilege admin credentials

Exploit

POST oversized max_Conn/timeOut to /goform/formConnectionSetting

Install

Overflow stack buffer in formConnectionSetting

Hijack saved return address

Execute

Execute code as web server on device

Impact

Pivot or intercept LAN traffic