Skip to main content

Br 6428Nc

2 CVEs product

Monthly

CVE-2026-7684 HIGH POC This Week

Buffer overflow in Edimax BR-6428nC router firmware (version 1.16 and earlier) allows authenticated remote attackers to execute arbitrary code via crafted pptpDfGateway parameter in the /goform/setWAN endpoint. A public proof-of-concept exploit exists demonstrating stack overflow exploitation. EPSS data not available, but the combination of remote attack vector, low complexity, and published exploit code indicates elevated real-world risk for exposed devices with default credentials.

Buffer Overflow Br 6428Nc
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7683 LOW POC Monitor

Command injection in Edimax BR-6428nC router web interface through the /goform/setWAN endpoint allows authenticated remote attackers to execute arbitrary system commands via unsanitized pppUserName or pptpUserName parameters. Affected firmware versions up to 1.16 contain this vulnerability; publicly available exploit code exists. The vendor was contacted but did not respond, indicating no security fix is anticipated.

Command Injection Br 6428Nc
NVD VulDB
CVSS 4.0
2.1
EPSS
0.7%
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Edimax BR-6428nC router firmware (version 1.16 and earlier) allows authenticated remote attackers to execute arbitrary code via crafted pptpDfGateway parameter in the /goform/setWAN endpoint. A public proof-of-concept exploit exists demonstrating stack overflow exploitation. EPSS data not available, but the combination of remote attack vector, low complexity, and published exploit code indicates elevated real-world risk for exposed devices with default credentials.

Buffer Overflow Br 6428Nc
NVD VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

Command injection in Edimax BR-6428nC router web interface through the /goform/setWAN endpoint allows authenticated remote attackers to execute arbitrary system commands via unsanitized pppUserName or pptpUserName parameters. Affected firmware versions up to 1.16 contain this vulnerability; publicly available exploit code exists. The vendor was contacted but did not respond, indicating no security fix is anticipated.

Command Injection Br 6428Nc
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy