Ew 7438rpn Mini Firmware
Monthly
Ew-7438Rpn Mini Firmware versions up to 1.27 contains a vulnerability that allows attackers to access the /wizard_reboot (CVSS 7.5).
Ew-7438Rpn Mini Firmware versions up to 1.27 is affected by cross-site request forgery (csrf) (CVSS 8.1).
Unauthenticated remote code execution via OS command injection in Edimax EW-7438RPn-v3 Mini wireless extender firmware 1.27. EPSS 1.3% with PoC available.
Ew-7438Rpn Mini Firmware versions up to 1.13 is affected by insufficiently protected credentials (CVSS 7.5).
Ew-7438Rpn Mini Firmware versions up to 1.13 is affected by cross-site request forgery (csrf) (CVSS 5.3).
CVE-2025-34029 is an OS command injection vulnerability in Edimax EW-7438RPn Mini wireless router firmware version 1.13 and prior that allows authenticated remote attackers to execute arbitrary shell commands as root through the /goform/formSysCmd endpoint. The vulnerability has a CVSS score of 8.8 (High) and was observed being exploited in the wild by the Shadowserver Foundation on 2024-09-14 UTC, indicating active real-world attack activity against this widely-deployed consumer networking device.
CVE-2025-34024 is an OS command injection vulnerability in Edimax EW-7438RPn wireless range extender firmware versions 1.13 and prior, allowing authenticated attackers to execute arbitrary commands as root via the /goform/mp endpoint. The vulnerability results from improper input validation on the 'command' parameter in the mp.asp form handler, enabling shell metacharacter injection. Active exploitation was observed by the Shadowserver Foundation on 2024-09-14 UTC, indicating real-world threat activity against this device.
Ew-7438Rpn Mini Firmware versions up to 1.27 contains a vulnerability that allows attackers to access the /wizard_reboot (CVSS 7.5).
Ew-7438Rpn Mini Firmware versions up to 1.27 is affected by cross-site request forgery (csrf) (CVSS 8.1).
Unauthenticated remote code execution via OS command injection in Edimax EW-7438RPn-v3 Mini wireless extender firmware 1.27. EPSS 1.3% with PoC available.
Ew-7438Rpn Mini Firmware versions up to 1.13 is affected by insufficiently protected credentials (CVSS 7.5).
Ew-7438Rpn Mini Firmware versions up to 1.13 is affected by cross-site request forgery (csrf) (CVSS 5.3).
CVE-2025-34029 is an OS command injection vulnerability in Edimax EW-7438RPn Mini wireless router firmware version 1.13 and prior that allows authenticated remote attackers to execute arbitrary shell commands as root through the /goform/formSysCmd endpoint. The vulnerability has a CVSS score of 8.8 (High) and was observed being exploited in the wild by the Shadowserver Foundation on 2024-09-14 UTC, indicating active real-world attack activity against this widely-deployed consumer networking device.
CVE-2025-34024 is an OS command injection vulnerability in Edimax EW-7438RPn wireless range extender firmware versions 1.13 and prior, allowing authenticated attackers to execute arbitrary commands as root via the /goform/mp endpoint. The vulnerability results from improper input validation on the 'command' parameter in the mp.asp form handler, enabling shell metacharacter injection. Active exploitation was observed by the Shadowserver Foundation on 2024-09-14 UTC, indicating real-world threat activity against this device.