Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Buffer overflow in Edimax BR-6428nC router firmware (version 1.16 and earlier) allows authenticated remote attackers to execute arbitrary code via crafted pptpDfGateway parameter in the /goform/setWAN endpoint. A public proof-of-concept exploit exists demonstrating stack overflow exploitation. EPSS data not available, but the combination of remote attack vector, low complexity, and published exploit code indicates elevated real-world risk for exposed devices with default credentials.
Technical ContextAI
The vulnerability exists in the web management interface of the Edimax BR-6428nC wireless router, specifically affecting the setWAN configuration endpoint used for WAN/Internet connection settings. The pptpDfGateway parameter, intended to accept PPTP default gateway values, lacks proper input validation and boundary checking, allowing an attacker to overflow a stack-based buffer (CWE-120). This is a classic stack-based buffer overflow in embedded device firmware, where constrained memory environments and legacy C code often lack modern memory safety protections like stack canaries or ASLR. The CPE identifier cpe:2.3:a:edimax:br-6428nc:*:*:*:*:*:*:*:* confirms the affected product family, with version 1.16 explicitly mentioned as vulnerable.
RemediationAI
No vendor-released patch identified at time of analysis - Edimax did not respond to vulnerability disclosure. Organizations using BR-6428nC routers should implement defense-in-depth controls: (1) Disable remote/WAN-side administration completely and restrict web interface access to trusted LAN segments only via firewall rules or router ACLs, which prevents remote exploitation while maintaining local management capability but requires physical or VPN access for administration. (2) Change default administrative credentials to complex unique passwords (16+ characters) and enable account lockout if supported, reducing credential-based attack surface but not eliminating authenticated exploit risk. (3) Place affected routers behind a hardened perimeter firewall that performs deep packet inspection on administrative traffic, adding detection capability but introducing performance overhead and single point of failure. (4) Priority recommendation: replace with currently-supported router hardware from vendors with active security programs, as the combination of unpatched vulnerability, vendor non-responsiveness, and end-of-life status suggests systemic security risk beyond this single CVE. For detailed technical analysis of the exploit mechanism, see https://tzh00203.notion.site/Edimax-BR-6428nC-v1-16-setWAN-pptpDfGateway-Stack-Overflow-33db5c52018a80c1835dd4fab4b6c7f2 and VulDB entries at https://vuldb.com/vuln/360843.
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26822