Which versions of Edimax BR-6428NS are affected by EUVD-2026-30720?

Edimax BR-6428NS routers (firmware 1.10) are vulnerable to a remote buffer overflow that allows authenticated attackers to corrupt device memory.

Is there a public PoC exploit available for EUVD-2026-30720?

Yes, a public proof-of-concept exploit is available for EUVD-2026-30720. Prioritise patching immediately. EPSS: 0.0%.

Edimax BR-6428NS EUVD-2026-30720

Q: What is the CVSS score of EUVD-2026-30720?

EUVD-2026-30720 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-8776 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-18 VulDB

GHSA-cc9m-6hq9-85vh

Buffer Overflow

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

May 18, 2026 - 02:28 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 18, 2026 - 02:22 vuln.today

cvss_changed

CVSS changed

May 18, 2026 - 02:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

May 18, 2026 - 01:43 vuln.today

DescriptionNVD

A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulation of the argument pptpUserName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack buffer overflow in the Edimax BR-6428NS router (firmware 1.10) allows remote authenticated attackers to corrupt memory by sending an overlong pptpUserName parameter to the /goform/formPPTPSetup endpoint. Publicly available exploit code exists per VulDB disclosure, and no public exploit identified at time of analysis in CISA KEV. …

RemediationAI

Within 24 hours: inventory all Edimax BR-6428NS routers in production and document their network role. Within 7 days: contact Edimax for any available firmware updates; if none exist, begin procurement of replacement router models with active vendor support. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-30720 vulnerability details – vuln.today

Back

Edimax BR-6428NS EUVD-2026-30720

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Edimax BR-6428NS EUVD-2026-30720

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code