Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable web endpoint (AV:N/AC:L), requires valid web-UI credentials per CVSS 4.0 PR:L mapping to PR:L, no user interaction, full RCE as root on the device yields C/I/A:H.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack/heap buffer overflow in the Edimax BR-6478AC V2 wireless router (firmware 1.23) lets an authenticated attacker corrupt memory by sending an oversized selSSID parameter to the formWlSiteSurvey handler under /goform/, enabling denial of service and potentially arbitrary code execution on the device. Publicly available exploit code exists, but no public exploit identified at time of analysis as actively used in attacks (not in CISA KEV); the vendor was notified and did not respond, leaving devices unpatched. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must be able to reach the router's HTTP management interface (LAN-side by default, or WAN-side only if remote administration is enabled) and must possess valid web-UI credentials, since the CVSS vector specifies PR:L; exploitation does not require user interaction (UI:N) or unusual attack requirements (AT:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is moderate-to-elevated but bounded by deployment context. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained valid web-UI credentials - for example by guessing the default Edimax admin password on an internet-exposed router or by pivoting from a compromised LAN host - sends a crafted POST request to /goform/formWlSiteSurvey with an over-long selSSID value. The oversize copy corrupts memory in the httpd process and, leveraging the publicly disclosed exploit writeup hosted on Notion, can be steered toward arbitrary code execution as root on the router, granting persistent control of the gateway and the ability to intercept or redirect all client traffic. |
| Remediation | No vendor-released patch identified at time of analysis - Edimax did not respond to the disclosure, so administrators must rely on compensating controls. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory all Edimax BR-6478AC V2 devices; restrict router management interface access via network ACLs; disable remote management if enabled. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Br 6478Ac V2
View allCommand injection in the Edimax BR-6478AC V2 router (firmware 1.23) allows network-adjacent authenticated attackers to e
Command injection in Edimax BR-6478AC V2 firmware 1.23 allows remote attackers with low-privilege credentials to execute
Command injection in the Edimax BR-6478AC V2 router (firmware 1.23) allows authenticated remote attackers to execute arb
Command injection in Edimax BR-6478AC V2 firmware 1.23 allows remote attackers with low-privileged web interface access
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38192
GHSA-93qv-48qr-mj84