Which versions of Edimax EW-7438RPn are affected by EUVD-2026-31714?

Edimax EW-7438RPn wireless range extenders (firmware v1.31) contain a remotely-exploitable memory corruption vulnerability that could allow attackers with low-privilege network access to crash or…

Is there a public PoC exploit available for EUVD-2026-31714?

Yes, a public proof-of-concept exploit is available for EUVD-2026-31714. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2026-31714?

Within 24 hours: Conduct a network inventory to identify all Edimax EW-7438RPn devices running firmware version 1.31 and document their role in network architecture. Within 7 days: Either remove affected devices from production networks entirely or relocate them to isolated, low-trust network segments (e.g., guest Wi-Fi only, air-gapped from critical systems) with restricted management access. Within 30 days: Complete replacement of all EW-7438RPn v1.31 units with alternative vendor equipment that receives active security support and patches.

Edimax EW-7438RPn EUVD-2026-31714

Q: What is the CVSS score of EUVD-2026-31714?

EUVD-2026-31714 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-9482 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-25 VulDB

GHSA-wxj6-68gg-rh5m

Stack Overflow Buffer Overflow Ew 7438Rpn

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 10:17 vuln.today

CVSS changed

May 26, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privilege credentials to corrupt memory via a crafted submit-url parameter sent to the formSDHCP handler at /goform/formSDHCP. Publicly available exploit code exists (disclosed via VulDB and a GitHub PoC), but EPSS is only 0.04% and the vendor has not responded to coordinated disclosure, leaving the device unpatched.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Gain LAN access to extender

Delivery

Authenticate to web UI with low-priv credentials

Exploit

POST oversized submit-url to /goform/formSDHCP

Install

Overflow stack buffer in formSDHCP

Hijack saved return address

Execute

Execute shellcode as web daemon

Impact

Pivot into trusted network