Skip to main content

Edimax EW-7438RPn EUVDEUVD-2026-31681

| CVE-2026-9463 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-25 VulDB GHSA-6f7r-pghg-2j5f
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVE Published
Jun 22, 2026 - 06:03 cve.org
HIGH 7.4
Analysis Generated
Jun 08, 2026 - 09:15 vuln.today
CVSS changed
May 26, 2026 - 20:07 NVD
8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A flaw has been found in Edimax EW-7438RPn 1.31. Affected by this issue is the function formLicence of the file /goform/formLicence. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender allows remote authenticated attackers to corrupt memory by submitting an oversized submit-url parameter to the formLicence handler at /goform/formLicence. Publicly available exploit code exists and the vendor did not respond to coordinated disclosure, leaving deployed devices without a fix. EPSS exploitation probability remains low (0.04%, 13th percentile) despite the public POC, indicating limited but credible risk for exposed devices.

Technical ContextAI

The EW-7438RPn is a consumer/SOHO Wi-Fi range extender whose embedded web management interface exposes CGI-style endpoints under /goform/. The formLicence handler copies the submit-url request argument into a fixed-size stack buffer without bounds checking, which is the textbook CWE-121 (Stack-based Buffer Overflow) pattern common to MIPS/ARM embedded firmware. Successful corruption of the saved return address or adjacent stack frames can divert control flow inside the httpd process, with the typical outcome on such devices being a denial of service or, where stack protections are absent, arbitrary code execution as the web server user (commonly root in embedded Linux).

RemediationAI

No vendor-released patch identified at time of analysis - Edimax did not respond to coordinated disclosure per the VulDB submission (https://vuldb.com/vuln/365444). As compensating controls, restrict access to the device's web management interface to a dedicated management VLAN or trusted host (the formLicence endpoint is reachable only after login, but PR:L is easily satisfied by default/weak credentials), change the default administrator password to a strong unique value, and block inbound access to the HTTP/HTTPS admin ports from the WAN side - most home/SOHO deployments only need LAN-side administration so this has minimal operational impact. Where feasible, replace the EW-7438RPn with a currently supported model, since the lack of vendor engagement suggests other unpatched issues on the same firmware are likely; consult the published exploit at https://github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_16/16.md to validate detection signatures for IDS/IPS in front of the device.

CVE-2026-9346 HIGH POC
7.4 May 24

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attack

CVE-2026-9345 HIGH POC
7.4 May 24

Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attac

CVE-2026-9482 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privi

CVE-2026-9481 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at

CVE-2026-9480 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 Wi-Fi range extender allows remote attackers with low privileg

CVE-2026-9479 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows authenticated remote at

CVE-2026-9462 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender enables remote low-privileged attacker

CVE-2026-9461 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated at

CVE-2026-9460 HIGH POC
7.4 May 25

Stack-based buffer overflow in Edimax EW-7438RPn 1.31 range extenders allows authenticated remote attackers to corrupt m

CVE-2026-9459 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi

CVE-2026-9427 HIGH POC
7.4 May 25

Stack-based buffer overflow in Edimax EW-7438RPn 1.31 wireless range extenders allows remote authenticated attackers to

CVE-2026-9426 HIGH POC
7.4 May 25

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privi

Share

EUVD-2026-31681 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy