Which versions of Edimax EW-7438RPn are affected by EUVD-2026-31711?

The Edimax EW-7438RPn Wi-Fi range extender contains an unpatched vulnerability with publicly available exploit code exploitable by authenticated users, creating a botnet infection risk for…

Is there a public PoC exploit available for EUVD-2026-31711?

Yes, a public proof-of-concept exploit is available for EUVD-2026-31711. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2026-31711?

Within 24 hours: inventory all Edimax EW-7438RPn devices across the organization and identify which networks they serve; restrict device internet access if operationally feasible. Within 7 days: develop device remediation plan including replacement product evaluation and cost analysis; assess network segmentation options if replacement is delayed. Within 30 days: replace vulnerable devices with alternative Wi-Fi range extender products from verified vendors, or implement permanent network isolation; establish ongoing monitoring for suspected device compromise.

Edimax EW-7438RPn EUVD-2026-31711

Q: What is the CVSS score of EUVD-2026-31711?

EUVD-2026-31711 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-9479 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-25 VulDB

GHSA-434w-2p2w-phjf

Stack Overflow Buffer Overflow Ew 7438Rpn

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:52 vuln.today

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manipulation of the argument submit-url leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows authenticated remote attackers to corrupt memory via the submit-url parameter of the formLogout handler at /goform/formLogout. Publicly available exploit code exists per VulDB disclosure, and the vendor failed to respond to coordinated disclosure, leaving the device unpatched. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Reach extender web UI on LAN

Delivery

Authenticate with low-privilege credentials

Exploit

POST oversized submit-url to /goform/formLogout

Install

Overflow stack buffer in formLogout

Hijack saved return address to shellcode

Execute

Execute code as root on embedded Linux

Impact

Persist as backdoor or botnet node