CVE-2026-10166

Summary

A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Affected Software

VendorProductVersion RangeStatus
EdimaxBR-6478AC1.23affected

Weaknesses

  • CWE-77: Command Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References