Skip to main content

Br 6428Ns

7 CVEs product

Monthly

CVE-2026-9297 LOW POC Monitor

Command injection in the Edimax BR-6428NS 1.10 wireless router's web management interface allows a remotely authenticated attacker to execute arbitrary OS commands by manipulating the repeaterSSID parameter in a POST request to /goform/formWlbasic. A publicly available proof-of-concept exploit exists, raising the practical risk above what the moderate CVSS score of 6.3 alone suggests. The vendor was notified prior to disclosure but did not respond, meaning no vendor-supplied patch exists at time of analysis.

Command Injection Br 6428Ns
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-9296 LOW POC Monitor

Command injection in Edimax BR-6428NS firmware version 1.10 exposes the device's operating system to remote command execution via the /goform/formWlanM POST request handler. An authenticated remote attacker (PR:L per CVSS) can manipulate any of 29+ wireless calibration and ATE parameters - including ateFunc, ateGain, e2pTxPower series, and readE2P - to inject arbitrary shell commands into the device OS. No vendor patch exists as Edimax did not respond to responsible disclosure; a publicly available exploit exists, and the breadth of vulnerable parameters indicates a systemic absence of input sanitization across the wlanM form handler.

Command Injection Br 6428Ns
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-9295 HIGH POC This Week

Buffer overflow in the Edimax BR-6428NS 1.10 router's web management interface allows authenticated remote attackers to corrupt memory by submitting a crafted vapurl parameter to the formWirelessTbl POST handler at /goform/formWirelessTbl. Publicly available exploit code exists (released via VulDB and a Notion writeup), and the vendor has not responded to coordinated disclosure attempts. The flaw is not currently listed in CISA KEV, but the combination of public PoC, low attack complexity, and an unpatched/unresponsive vendor makes this a tangible risk for any exposed device.

Buffer Overflow Br 6428Ns
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-9294 HIGH POC This Week

Stack buffer overflow in the Edimax BR-6428NS 1.10 wireless router allows authenticated remote attackers to corrupt memory by sending an overlong pppUserName parameter to the /goform/formWanTcpipSetup endpoint. Publicly available exploit code exists, and the vendor failed to respond to the coordinated disclosure attempt, leaving devices without an official fix. With a CVSS of 8.8 and full CIA impact, successful exploitation can result in arbitrary code execution or device takeover on the embedded router.

Buffer Overflow Br 6428Ns
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-8777 LOW POC Monitor

Command injection in Edimax BR-6428NS firmware v1.10 allows authenticated remote attackers to execute arbitrary system commands via the stadrv_ssid parameter in POST requests to /goform/formStaDrvSetup. Public exploit code is available (documented in VulDB and researcher's Notion page), enabling low-complexity attacks against networks where attackers have obtained low-privilege credentials. The vendor received early disclosure but provided no response, leaving no official patch timeline.

Command Injection Br 6428Ns
NVD VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-8776 HIGH POC This Week

Stack buffer overflow in the Edimax BR-6428NS router (firmware 1.10) allows remote authenticated attackers to corrupt memory by sending an overlong pptpUserName parameter to the /goform/formPPTPSetup endpoint. Publicly available exploit code exists per VulDB disclosure, and no public exploit identified at time of analysis in CISA KEV. The vendor was reportedly contacted prior to disclosure but did not respond, leaving the device line without a confirmed fix.

Buffer Overflow Br 6428Ns
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-8775 HIGH POC This Week

Stack buffer overflow in the Edimax BR-6428NS router firmware version 1.10 allows authenticated remote attackers to corrupt memory by sending a crafted POST request to the formL2TPSetup handler with an oversized L2TPUserName parameter. Publicly available exploit code exists via a third-party Notion writeup, and the vendor was contacted but did not respond, leaving devices exposed without a coordinated fix. No CISA KEV listing or EPSS data is available to confirm active mass exploitation, but the combination of a public PoC and unresponsive vendor elevates real-world risk for any internet-exposed device.

Buffer Overflow Br 6428Ns
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
EPSS 1% CVSS 2.1
LOW POC Monitor

Command injection in the Edimax BR-6428NS 1.10 wireless router's web management interface allows a remotely authenticated attacker to execute arbitrary OS commands by manipulating the repeaterSSID parameter in a POST request to /goform/formWlbasic. A publicly available proof-of-concept exploit exists, raising the practical risk above what the moderate CVSS score of 6.3 alone suggests. The vendor was notified prior to disclosure but did not respond, meaning no vendor-supplied patch exists at time of analysis.

Command Injection Br 6428Ns
NVD VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

Command injection in Edimax BR-6428NS firmware version 1.10 exposes the device's operating system to remote command execution via the /goform/formWlanM POST request handler. An authenticated remote attacker (PR:L per CVSS) can manipulate any of 29+ wireless calibration and ATE parameters - including ateFunc, ateGain, e2pTxPower series, and readE2P - to inject arbitrary shell commands into the device OS. No vendor patch exists as Edimax did not respond to responsible disclosure; a publicly available exploit exists, and the breadth of vulnerable parameters indicates a systemic absence of input sanitization across the wlanM form handler.

Command Injection Br 6428Ns
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in the Edimax BR-6428NS 1.10 router's web management interface allows authenticated remote attackers to corrupt memory by submitting a crafted vapurl parameter to the formWirelessTbl POST handler at /goform/formWirelessTbl. Publicly available exploit code exists (released via VulDB and a Notion writeup), and the vendor has not responded to coordinated disclosure attempts. The flaw is not currently listed in CISA KEV, but the combination of public PoC, low attack complexity, and an unpatched/unresponsive vendor makes this a tangible risk for any exposed device.

Buffer Overflow Br 6428Ns
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack buffer overflow in the Edimax BR-6428NS 1.10 wireless router allows authenticated remote attackers to corrupt memory by sending an overlong pppUserName parameter to the /goform/formWanTcpipSetup endpoint. Publicly available exploit code exists, and the vendor failed to respond to the coordinated disclosure attempt, leaving devices without an official fix. With a CVSS of 8.8 and full CIA impact, successful exploitation can result in arbitrary code execution or device takeover on the embedded router.

Buffer Overflow Br 6428Ns
NVD VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

Command injection in Edimax BR-6428NS firmware v1.10 allows authenticated remote attackers to execute arbitrary system commands via the stadrv_ssid parameter in POST requests to /goform/formStaDrvSetup. Public exploit code is available (documented in VulDB and researcher's Notion page), enabling low-complexity attacks against networks where attackers have obtained low-privilege credentials. The vendor received early disclosure but provided no response, leaving no official patch timeline.

Command Injection Br 6428Ns
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack buffer overflow in the Edimax BR-6428NS router (firmware 1.10) allows remote authenticated attackers to corrupt memory by sending an overlong pptpUserName parameter to the /goform/formPPTPSetup endpoint. Publicly available exploit code exists per VulDB disclosure, and no public exploit identified at time of analysis in CISA KEV. The vendor was reportedly contacted prior to disclosure but did not respond, leaving the device line without a confirmed fix.

Buffer Overflow Br 6428Ns
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack buffer overflow in the Edimax BR-6428NS router firmware version 1.10 allows authenticated remote attackers to corrupt memory by sending a crafted POST request to the formL2TPSetup handler with an oversized L2TPUserName parameter. Publicly available exploit code exists via a third-party Notion writeup, and the vendor was contacted but did not respond, leaving devices exposed without a coordinated fix. No CISA KEV listing or EPSS data is available to confirm active mass exploitation, but the combination of a public PoC and unresponsive vendor elevates real-world risk for any internet-exposed device.

Buffer Overflow Br 6428Ns
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy