Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A flaw has been found in Edimax EW-7438RPn 1.31. Affected by this issue is the function formLicence of the file /goform/formLicence. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender allows remote authenticated attackers to corrupt memory by submitting an oversized submit-url parameter to the formLicence handler at /goform/formLicence. Publicly available exploit code exists and the vendor did not respond to coordinated disclosure, leaving deployed devices without a fix. EPSS exploitation probability remains low (0.04%, 13th percentile) despite the public POC, indicating limited but credible risk for exposed devices.
Technical ContextAI
The EW-7438RPn is a consumer/SOHO Wi-Fi range extender whose embedded web management interface exposes CGI-style endpoints under /goform/. The formLicence handler copies the submit-url request argument into a fixed-size stack buffer without bounds checking, which is the textbook CWE-121 (Stack-based Buffer Overflow) pattern common to MIPS/ARM embedded firmware. Successful corruption of the saved return address or adjacent stack frames can divert control flow inside the httpd process, with the typical outcome on such devices being a denial of service or, where stack protections are absent, arbitrary code execution as the web server user (commonly root in embedded Linux).
RemediationAI
No vendor-released patch identified at time of analysis - Edimax did not respond to coordinated disclosure per the VulDB submission (https://vuldb.com/vuln/365444). As compensating controls, restrict access to the device's web management interface to a dedicated management VLAN or trusted host (the formLicence endpoint is reachable only after login, but PR:L is easily satisfied by default/weak credentials), change the default administrator password to a strong unique value, and block inbound access to the HTTP/HTTPS admin ports from the WAN side - most home/SOHO deployments only need LAN-side administration so this has minimal operational impact. Where feasible, replace the EW-7438RPn with a currently supported model, since the lack of vendor engagement suggests other unpatched issues on the same firmware are likely; consult the published exploit at https://github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_16/16.md to validate detection signatures for IDS/IPS in front of the device.
More in Ew 7438Rpn
View allBuffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attack
Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attac
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privi
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 Wi-Fi range extender allows remote attackers with low privileg
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows authenticated remote at
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender enables remote low-privileged attacker
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at
Stack-based buffer overflow in Edimax EW-7438RPn 1.31 range extenders allows authenticated remote attackers to corrupt m
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi
Stack-based buffer overflow in Edimax EW-7438RPn 1.31 wireless range extenders allows remote authenticated attackers to
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31681
GHSA-6f7r-pghg-2j5f