Which versions of Edimax EW-7438RPn are affected by CVE-2026-9480?

Edimax EW-7438RPn Wi-Fi range extenders (version 1.31) contain a remotely exploitable stack-based buffer overflow that allows low-privilege attackers to corrupt device memory and potentially execute…

Is there a public PoC exploit available for CVE-2026-9480?

Yes, a public proof-of-concept exploit is available for CVE-2026-9480. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-9480?

Within 24 hours: Conduct network inventory scan to identify all Edimax EW-7438RPn devices in production and document their placement, connected assets, and network sensitivity classification. Within 7 days: Isolate affected devices to a dedicated VLAN with restricted egress controls; deploy firewall rules blocking inbound access to the /goform/formrefresh endpoint and implement IP-based management interface ACLs. Within 30 days: Procure replacement range extenders from vendors with demonstrated patching track records; execute hardware decommissioning program and document removal of all EW-7438RPn units from production.

Edimax EW-7438RPn CVE-2026-9480

Q: What is the CVSS score of CVE-2026-9480?

CVE-2026-9480 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31713 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-25 VulDB

GHSA-3h8q-f835-m698

Stack Overflow Buffer Overflow Ew 7438Rpn

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:53 vuln.today

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A vulnerability was detected in Edimax EW-7438RPn 1.31. The impacted element is the function formrefresh of the file /goform/formrefresh. The manipulation of the argument submit-url results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 Wi-Fi range extender allows remote attackers with low privileges to corrupt memory via the submit-url parameter handled by the formrefresh function at /goform/formrefresh. Publicly available exploit code exists per VulDB, though EPSS scoring (0.04%) suggests limited mass exploitation activity, and the vendor has not responded to the disclosure, leaving devices without an official fix.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Reach EW-7438RPn web interface

Delivery

Authenticate with low-priv credentials

Exploit

Send crafted POST to /goform/formrefresh

Execution

Overflow stack via submit-url parameter

Persist

Overwrite saved return address

Impact

Execute shellcode on extender