Edimax BR-6478AC EUVD-2026-33484

CVE-2026-10164 · HIGH
Classic Buffer Overflow (CWE-120)
2026-05-31 · VulDB · GHSA-rfrj-7c7m-jchq
7.4 · CVSS 4.0 · NVD

Severity by source

NVD (primary): 7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD; NVD is the only scoring source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

  • May 31, 2026 04:29 (vuln.today): Analysis updated, v3 (cvss_changed)
  • May 31, 2026 04:29 (vuln.today): Analysis updated, v2 (cvss_changed)
  • May 31, 2026 04:22 (vuln.today): Re-analysis queued (cvss_changed)
  • May 31, 2026 04:22 (NVD): CVSS changed, 8.8 (HIGH) to 7.4 (HIGH)
  • May 31, 2026 03:42 (vuln.today): Analysis generated

Description (CVE.org)

A vulnerability was found in Edimax BR-6478AC 1.23. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. The manipulation of the argument ShareName/SelectName results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

Analysis (AI)

Remote buffer overflow in the Edimax BR-6478AC 1.23 wireless router allows authenticated attackers to corrupt memory via the formUSBFolder POST handler by supplying oversized ShareName or SelectName arguments. Publicly available exploit code exists (hosted on a Notion page referenced by VulDB), and the CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact on the device with low privileges required. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Reach router admin web interface
  • Delivery: Authenticate with admin credentials
  • Exploit: POST to /goform/formUSBFolder with oversized ShareName/SelectName
  • Execution: Overflow buffer in formUSBFolder handler
  • Persist: Corrupt memory in web daemon
  • Impact: Achieve DoS or code execution on device

Vulnerability Assessment (AI)

Exploitation: Exploitation requires (1) network reachability to the router's HTTP administration interface on the LAN or, if remote management is enabled, on the WAN; (2) valid administrator-level credentials for the web UI (PR:L in the CVSS vector); and (3) the ability to issue a POST to the /goform/formUSBFolder endpoint with attacker-controlled ShareName or SelectName parameters, which presupposes that the USB sharing feature is present and reachable in the firmware build (confirmed on BR-6478AC 1.23, specifically demonstrated on the BR-6478ACV2 hardware revision). …

Risk Assessment: The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H gives 7.4 (High): exploitable over the network with low complexity and no user interaction, but requiring low privileges (an authenticated session on the web UI). …

Exploit Scenario: An attacker who has obtained or guessed administrator credentials (or who chains a CSRF against a logged-in admin) sends a crafted POST request to /goform/formUSBFolder with an oversized ShareName or SelectName value, overflowing the parameter buffer in the web daemon. Because publicly available exploit code exists on the referenced Notion page, the barrier to weaponization is low, and successful memory corruption on this embedded Linux router typically yields at minimum denial of service of the admin daemon and plausibly code execution as the web service user.

Remediation: No vendor-released patch had been identified at the time of analysis, so administrators should apply compensating controls until Edimax publishes updated firmware: restrict access to the router's web administration interface to trusted management VLANs or LAN-only (disable any "remote management" / WAN-side admin option), which removes the network attack surface at the cost of requiring on-network access for changes; change default administrator credentials and enforce strong, unique passwords to raise the bar for the PR:L precondition; disable the USB sharing feature entirely if it is not in use, which removes the vulnerable formUSBFolder code path at the cost of losing network USB share functionality; and consider replacing the device if it is end-of-life. …

Recommended Action (AI)

24 hours: Identify all Edimax BR-6478AC v1.23 devices in network inventory; restrict administrative interface access to trusted networks only. …
