
Edimax EW-7438RPn CVE-2026-9482

EUVD-2026-31714 · HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-25 VulDB GHSA-wxj6-68gg-rh5m
7.4
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline (2 events)

Analysis Generated: Jun 08, 2026 - 10:17 (vuln.today)
CVSS changed: May 26, 2026 - 19:37 (NVD): 8.8 (HIGH) → 7.4 (HIGH)

Description (CVE.org)

A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI-generated)

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privilege credentials to corrupt memory via a crafted submit-url parameter sent to the formSDHCP handler at /goform/formSDHCP. Publicly available exploit code exists (disclosed via VulDB and a GitHub PoC), but EPSS is only 0.04% and the vendor has not responded to coordinated disclosure, leaving the device unpatched.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Recon: Gain LAN access to extender
Delivery: Authenticate to web UI with low-priv credentials
Exploit: POST oversized submit-url to /goform/formSDHCP
Install: Overflow stack buffer in formSDHCP
C2: Hijack saved return address
Execute: Execute shellcode as web daemon
Impact: Pivot into trusted network

Vulnerability Assessment (AI-generated)

Exploitation: Attacker must have network reachability to the EW-7438RPn HTTP administration interface (normally LAN-side only) and valid low-privilege web UI credentials, per CVSS PR:L; exploitation is not zero-touch unauthenticated. …

Risk Assessment: CVSS 4.0 reports 7.4 (High) with network attack vector, low complexity, low privileges required (PR:L, an authenticated session to the web UI is needed), no user interaction, and high impact to confidentiality, integrity, and availability of the device itself (scope unchanged). …

Exploit Scenario: An attacker on the same Wi-Fi network as the extender (for example a guest, a compromised IoT device, or someone who already cracked WPA2) authenticates to the web UI using default or guessed credentials, then issues a POST to /goform/formSDHCP with an oversized submit-url value crafted from the public PoC at github.com/wudipjq/my_vuln, overflowing the stack buffer. Depending on firmware mitigations the result is at minimum a denial of service (device reboot loop) and at worst arbitrary code execution as the web daemon, giving the attacker a persistent pivot into the trusted network. …

Remediation: No vendor-released patch identified at time of analysis. Edimax did not respond to VulDB's coordinated disclosure, so users of EW-7438RPn 1.31 should treat the device as permanently unpatched and apply compensating controls. …
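Because no vendor patch exists, one of the compensating controls is to watch LAN-side HTTP traffic to the extender for the request shape the assessment describes: a POST to /goform/formSDHCP whose submit-url field is far longer than any legitimate redirect target. The following is an added detection example written for this page, not code from vuln.today, VulDB, or Edimax; the 128-byte threshold is an assumption (the page gives no buffer size), and the sample requests are constructed.

```python
"""Flag anomalous POSTs to /goform/formSDHCP (CVE-2026-9482) in captured HTTP requests.

Intended as a proxy/IDS-style check run over decoded request lines and bodies
collected from the LAN segment the extender sits on.
"""
from typing import Optional
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/goform/formSDHCP"   # handler named in the CVE description
TARGET_PARAM = "submit-url"         # argument named in the CVE description
# Assumed threshold: the page states no buffer size, so 128 bytes is a
# conservative cut-off; a real redirect target on the device is a short path.
MAX_EXPECTED_LEN = 128


def extract_param_lengths(body: str) -> dict:
    """Return {field: longest decoded value length} for a URL-encoded form body."""
    fields = parse_qs(body, keep_blank_values=True)
    return {name: max(len(v) for v in values) for name, values in fields.items()}


def assess_request(method: str, target: str, body: str) -> Optional[dict]:
    """Return a finding dict when a request matches the risky pattern, else None.

    The query string is stripped from `target` so that /goform/formSDHCP?x=1
    still matches the handler path.
    """
    path = urlsplit(target).path
    if method.upper() != "POST" or path != TARGET_PATH:
        return None
    length = extract_param_lengths(body).get(TARGET_PARAM)
    if length is None or length <= MAX_EXPECTED_LEN:
        return None
    return {
        "cve": "CVE-2026-9482",
        "path": path,
        "param": TARGET_PARAM,
        "length": length,
        "severity": "high",
    }


def scan_requests(requests) -> list:
    """Run assess_request over (method, target, body) tuples and collect findings."""
    findings = []
    for method, target, body in requests:
        finding = assess_request(method, target, body)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample traffic (not captured from a real device).
SAMPLE_REQUESTS = [
    # Ordinary settings save: short redirect path, should not alert.
    ("POST", "/goform/formSDHCP", "submit-url=%2Fsdhcp.asp&dhcpEnabled=1"),
    # Same handler reached with a query string, still benign.
    ("POST", "/goform/formSDHCP?lang=en", "submit-url=%2Fsdhcp.asp"),
    # Unrelated page load.
    ("GET", "/index.asp", ""),
    # Oversized submit-url value: the pattern the assessment describes.
    ("POST", "/goform/formSDHCP", "submit-url=" + "A" * 600 + "&dhcpEnabled=1"),
]

if __name__ == "__main__":
    for f in scan_requests(SAMPLE_REQUESTS):
        print(f"ALERT {f['cve']}: {f['param']} length {f['length']} to {f['path']}")
```

Only the last sample request produces a finding. The check deliberately keys on path plus field length rather than on any specific payload bytes, so it stays valid however a PoC encodes its data; pair it with an allow-list restricting who can reach the extender's admin interface at all, since that is the precondition every step of the attack chain depends on.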

Recommended Action (AI-generated)

Within 24 hours: Conduct a network inventory to identify all Edimax EW-7438RPn devices running firmware version 1.31 and document their role in network architecture. …


CVE-2026-9482 vulnerability details – vuln.today
