Skip to main content

Edimax BR-6675nD EUVD-2026-31596

| CVE-2026-9382 HIGH
Classic Buffer Overflow (CWE-120)
2026-05-24 VulDB GHSA-2jp2-2mm5-5h78
Buffer Overflow Br 6675Nd
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 08, 2026 - 09:49 vuln.today
CVSS changed
May 26, 2026 - 19:37 NVD
8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A flaw has been found in Edimax BR-6675nD 1.12. Affected by this issue is the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Executing a manipulation of the argument pptpUserName can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack buffer overflow in the Edimax BR-6675nD 1.12 router's PPTP setup handler allows remote authenticated attackers to corrupt memory and potentially execute arbitrary code via an oversized pptpUserName POST parameter to /goform/formPPTPSetup. Publicly available exploit code exists (SSVC: PoC), though EPSS estimates exploitation probability at only 0.04% (13th percentile), reflecting the niche, end-of-life nature of the device. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed BR-6675nD web UI
Delivery
Obtain admin credentials (default/reuse/CSRF)
Exploit
Send crafted POST to /goform/formPPTPSetup
Execution
Overflow pptpUserName stack buffer
Persist
Hijack control flow on router
Impact
Persist on device and pivot to LAN
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target device is an Edimax BR-6675nD running firmware 1.12 with the web administration interface reachable by the attacker and that the attacker holds valid admin-level credentials (CVSS PR:L), since /goform/formPPTPSetup is a post-login configuration endpoint for the PPTP feature. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H scores 7.4, indicating low-complexity network exploitation requiring low privileges (PR:L - i.e., an authenticated admin session) with total impact on confidentiality, integrity, and availability of the device. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained admin credentials to the router's web UI - for example via default credentials, credential reuse, or a CSRF-style trick against an authenticated admin - sends a crafted POST to /goform/formPPTPSetup containing an oversized pptpUserName value, overflowing the stack buffer and overwriting saved return state to hijack execution on the MIPS/ARM router CPU. Because a public PoC has been published on the referenced Notion writeup, replication requires little reverse engineering, and successful exploitation typically yields full control of the router for traffic interception, DNS hijacking, or pivoting to the LAN.
Remediation No vendor-released patch identified at time of analysis - Edimax did not respond to the disclosure, so administrators should treat the BR-6675nD 1.12 as unsupported and plan replacement with a currently-maintained router as the primary remediation. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Audit network inventory to identify and document any Edimax BR-6675nD routers; disable PPTP if not essential. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-31596 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy