Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
OS command injection in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 allows authenticated remote attackers to execute arbitrary system commands via the formWizSurvey web interface. The vulnerability exists in the /goform/formWizSurvey endpoint where input validation fails on the ip, mask, and gateway parameters. Publicly available exploit code exists (GitHub POC published), though no active exploitation has been confirmed by CISA KEV. EPSS data not available for this recent CVE. Vendor notified but non-responsive, indicating no official patch is forthcoming.
Technical ContextAI
This vulnerability targets the webs HTTP server component of Edimax EW-7438RPn WiFi range extender firmware. The formWizSurvey function in /goform/formWizSurvey processes network configuration parameters (IP address, subnet mask, gateway) without proper sanitization, allowing shell metacharacters to be injected into system calls. CWE-78 (OS Command Injection) occurs when untrusted data is passed to a system shell interpreter. The CPE string cpe:2.3:a:edimax:ew-7438rpn identifies this as affecting the EW-7438RPn product line through firmware version 1.31. The webs server is a common embedded HTTP server used in consumer networking devices, typically running with elevated privileges to manage network configurations.
RemediationAI
No vendor-released patch identified at time of analysis - Edimax was notified but did not respond per the disclosure timeline documented at https://vuldb.com/submit/813889. Without official firmware updates, organizations must implement compensating controls: (1) Restrict administrative interface access to trusted management networks only by configuring firewall rules to block WAN-side access to the web interface (typically TCP port 80/443) - this prevents remote exploitation but does not protect against LAN-based attackers. (2) Change default administrative credentials immediately to complex passwords (16+ characters) to prevent credential-based access - note this only raises the bar but does not eliminate the vulnerability. (3) Monitor device logs for unusual configuration changes or repeated authentication failures. (4) Consider replacing affected devices with actively maintained alternatives if this product is deployed in security-sensitive environments, as vendor non-responsiveness indicates end-of-support status. For detailed vulnerability analysis, see https://github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_5/5.md.
More in Ew 7438Rpn
View allBuffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attack
Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attac
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privi
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 Wi-Fi range extender allows remote attackers with low privileg
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows authenticated remote at
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender allows remote authenticated attackers to corrup
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender enables remote low-privileged attacker
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at
Stack-based buffer overflow in Edimax EW-7438RPn 1.31 range extenders allows authenticated remote attackers to corrupt m
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi
Stack-based buffer overflow in Edimax EW-7438RPn 1.31 wireless range extenders allows remote authenticated attackers to
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31558
GHSA-f3jx-hr96-xf98