CVE-2026-1970

Summary

A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redirect. The attack can be initiated remotely. The exploit has been published and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer.

Affected Software

VendorProductVersion RangeStatus
EdimaxBR-6258n1.0affected
EdimaxBR-6258n1.1affected
EdimaxBR-6258n1.2affected
EdimaxBR-6258n1.3affected
EdimaxBR-6258n1.4affected
EdimaxBR-6258n1.5affected
EdimaxBR-6258n1.6affected
EdimaxBR-6258n1.7affected
EdimaxBR-6258n1.8affected
EdimaxBR-6258n1.9affected
EdimaxBR-6258n1.10affected
EdimaxBR-6258n1.11affected
EdimaxBR-6258n1.12affected
EdimaxBR-6258n1.13affected
EdimaxBR-6258n1.14affected
EdimaxBR-6258n1.15affected
EdimaxBR-6258n1.16affected
EdimaxBR-6258n1.17affected
EdimaxBR-6258n1.18affected

Weaknesses

  • CWE-601: Open Redirect

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References