Which versions of Edimax BR-6675nD are affected by EUVD-2026-31592?

Edimax BR-6675nD router deployments running firmware 1.12 are vulnerable to network-based attacks enabling unauthorized code execution and system compromise; publicly available exploit code exists…

Is there a public PoC exploit available for EUVD-2026-31592?

Yes, a public proof-of-concept exploit is available for EUVD-2026-31592. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2026-31592?

Within 24 hours: Inventory all Edimax BR-6675nD 1.12 devices in production and document network accessibility and critical dependencies. Within 7 days: Restrict management interface access to affected devices; disable L2TP configuration access if not operationally required; contact Edimax support to confirm patch development timeline. Within 30 days: Develop and deploy replacement or firmware upgrade strategy; implement logging and alerting on L2TP configuration endpoints for all affected devices.

Edimax BR-6675nD EUVD-2026-31592

Q: What is the CVSS score of EUVD-2026-31592?

EUVD-2026-31592 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-9380 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-24 VulDB

GHSA-9cpg-3r7v-63jc

Buffer Overflow Br 6675Nd

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:49 vuln.today

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack/heap buffer overflow in Edimax BR-6675nD 1.12 routers allows authenticated remote attackers to corrupt memory via an oversized L2TPUserName parameter sent to the /goform/formL2TPSetup endpoint, with publicly available exploit code exists. The vendor was notified early but has not responded, and no patch has been released, leaving deployed devices exposed. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Identify exposed BR-6675nD admin interface

Delivery

Obtain credentials (default/reuse/brute-force)

Exploit

Authenticate to web UI

Install

Send crafted POST to /goform/formL2TPSetup with oversized L2TPUserName

Overflow buffer and hijack control flow

Execute

Execute shellcode as root on device

Impact

Pivot to LAN or enroll in botnet