Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a manipulation of the argument method results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Command injection in Edimax EW-7438RPn 1.12 allows authenticated remote attackers to execute arbitrary OS commands via the 'method' parameter in the formEZCHNwlanSetup POST handler at /goform/formEZCHNwlanSetu. Public exploit code exists (CVSS E:P), enabling low-complexity attacks that compromise confidentiality, integrity, and availability at low impact levels. EPSS data not available. Not currently listed in CISA KEV, suggesting targeted rather than widespread exploitation. Vendor was notified but has not issued a patch or advisory.
Technical ContextAI
This vulnerability affects the wireless configuration interface of the Edimax EW-7438RPn Wi-Fi range extender, specifically version 1.12. The flaw resides in the formEZCHNwlanSetup function within the /goform/formEZCHNwlanSetu endpoint, which handles POST requests for EZ Channel wireless setup operations. The root cause is CWE-77 (Improper Neutralization of Special Elements used in a Command), commonly known as command injection. The 'method' parameter lacks proper input validation, allowing an authenticated attacker to inject shell metacharacters or command separators that are passed directly to system-level command execution functions. This type of vulnerability is typical in embedded device web management interfaces where user input is concatenated into shell commands without sanitization. The CPE identifier cpe:2.3:a:edimax:ew-7438rpn indicates this is categorized as application-level vulnerability in Edimax's networking hardware firmware.
RemediationAI
No vendor-released patch identified at time of analysis - Edimax did not respond to vulnerability disclosure per VulDB report. Immediate compensating controls required: (1) Disable remote management access to the device's web interface from untrusted networks by configuring firewall rules to restrict access to management ports (typically TCP 80/443) only from trusted administrator subnets; this prevents network-based exploitation but may complicate remote administration. (2) Change default administrative credentials to strong unique passwords (16+ characters, high entropy) to raise the authentication barrier, though this does not eliminate risk if credentials are later compromised. (3) Isolate affected devices on dedicated management VLANs with strict access control lists, limiting blast radius if compromise occurs; trade-off is increased network complexity. (4) Monitor device logs and network traffic for POST requests to /goform/formEZCHNwlanSetu containing shell metacharacters (semicolons, pipes, backticks, dollar signs) as potential exploitation indicators. (5) Consider replacing devices with alternative products from vendors with active security response programs if Edimax does not release firmware updates within organizational risk tolerance timeframes. Consult VulDB entries at https://vuldb.com/vuln/365326 and https://vuldb.com/vuln/365326/cti for ongoing status updates.
More in Ew 7438Rpn
View allBuffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attack
Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attac
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privi
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 Wi-Fi range extender allows remote attackers with low privileg
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows authenticated remote at
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender allows remote authenticated attackers to corrup
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender enables remote low-privileged attacker
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at
Stack-based buffer overflow in Edimax EW-7438RPn 1.31 range extenders allows authenticated remote attackers to corrupt m
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi
Stack-based buffer overflow in Edimax EW-7438RPn 1.31 wireless range extenders allows remote authenticated attackers to
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31578
GHSA-96rp-83gj-hh58