Which versions of Edimax EW-7438RPn are affected by EUVD-2026-31682?

Edimax EW-7438RPn wireless range extenders (version 1.31) contain a remotely exploitable buffer overflow vulnerability in their web management interface that enables complete device compromise.

Is there a public PoC exploit available for EUVD-2026-31682?

Yes, a public proof-of-concept exploit is available for EUVD-2026-31682. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2026-31682?

Within 24 hours: Identify all Edimax EW-7438RPn v1.31 devices; restrict network access to the management interface to administrative IP ranges only via firewall rules; disable WPS functionality unless operationally required. Within 7 days: Contact Edimax support to confirm no patch is planned; begin procurement of replacement devices with demonstrated vendor security response; implement network segmentation to isolate affected devices. Within 30 days: Complete replacement of all affected devices or verify all compensating controls remain in place and are actively monitored for exploitation attempts.

Edimax EW-7438RPn EUVD-2026-31682

Q: What is the CVSS score of EUVD-2026-31682?

EUVD-2026-31682 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-9462 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-25 VulDB

GHSA-5383-33xm-xf5w

Stack Overflow Buffer Overflow Ew 7438Rpn

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:37 vuln.today

CVSS changed

May 26, 2026 - 20:07 NVD

8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A vulnerability was detected in Edimax EW-7438RPn 1.31. Affected by this vulnerability is the function formWpsProxyEnable of the file /goform/formWpsProxyEnable. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender enables remote low-privileged attackers to compromise the device by supplying an oversized submit-url argument to the /goform/formWpsProxyEnable web management endpoint. Exploitation achieves full confidentiality, integrity, and availability impact on the device per CVSS VC:H/VI:H/VA:H, and a public proof-of-concept is available on GitHub. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Obtain low-privileged web management credentials

Delivery

Authenticate to /goform/formWpsProxyEnable endpoint

Exploit

Submit crafted oversized submit-url parameter

Install

Overflow fixed-size stack buffer

Overwrite return address on stack frame

Execute

Redirect execution to attacker-controlled code

Impact

Achieve full device compromise