Which versions of Edimax EW-7438RPn are affected by EUVD-2026-31680?

The Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) contains a remotely exploitable stack buffer overflow that can corrupt device memory, with publicly available exploit code circulating and…

Is there a public PoC exploit available for EUVD-2026-31680?

Yes, a public proof-of-concept exploit is available for EUVD-2026-31680. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2026-31680?

Within 24 hours: Inventory all deployed Edimax EW-7438RPn units running firmware 1.31; document network role and dependent client count for each. Within 7 days: Isolate affected devices to restricted network segments; restrict administrative access to trusted management VLANs only; document interim controls. Within 30 days: Execute hardware replacement with patched Wi-Fi extender alternatives or establish permanent network-level containment with access control lists and monitoring.

Edimax EW-7438RPn EUVD-2026-31680

Q: What is the CVSS score of EUVD-2026-31680?

EUVD-2026-31680 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-9461 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-25 VulDB

GHSA-68hc-jq62-w8v4

Stack Overflow Buffer Overflow Ew 7438Rpn

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:36 vuln.today

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated attackers to corrupt memory by sending an oversized submit-url parameter to the formRadius handler at /goform/formRadius. Publicly available exploit code exists, and the vendor did not respond to coordinated disclosure attempts, leaving the device without a confirmed fix. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Reach device web UI on LAN/WAN

Delivery

Authenticate with low-privilege credentials

Exploit

Send POST to /goform/formRadius with oversized submit-url

Execution

Overflow stack buffer in formRadius handler

Persist

Hijack saved return address for code execution

Impact

Gain root on extender and pivot/intercept traffic