Which versions of Edimax EW-7438RPn are affected by EUVD-2026-31557?

Edimax EW-7438RPn WiFi range extenders running firmware version 1.31 and earlier contain a stack-based buffer overflow vulnerability that allows authenticated attackers to execute arbitrary code on…

Is there a public PoC exploit available for EUVD-2026-31557?

Yes, a public proof-of-concept exploit is available for EUVD-2026-31557. Prioritise patching immediately. EPSS: 0.0%.

Edimax EW-7438RPn EUVD-2026-31557

Q: What is the CVSS score of EUVD-2026-31557?

EUVD-2026-31557 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-9348 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-24 VulDB

GHSA-q3f6-qj3x-v67j

Buffer Overflow Stack Overflow

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

May 26, 2026 - 19:37 vuln.today

cvss_changed

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

May 24, 2026 - 03:45 vuln.today

DescriptionNVD

A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument webs results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attackers to execute arbitrary code by sending malicious input to the /goform/mp endpoint in the web server component. Public exploit code exists on GitHub, though the vulnerability is not listed in CISA KEV. …

RemediationAI

Within 24 hours: Inventory all Edimax EW-7438RPn devices in production and document current firmware versions. Within 7 days: Restrict network access to affected devices by implementing access control lists (ACLs) to limit management traffic to trusted IP ranges only, and change all default credentials. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-31557 vulnerability details – vuln.today

Back

Edimax EW-7438RPn EUVD-2026-31557

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Edimax EW-7438RPn EUVD-2026-31557

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code