CVE-2026-1971

Summary

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer.

Affected Software

VendorProductVersion RangeStatus
EdimaxBR-6288ACL1.0affected
EdimaxBR-6288ACL1.1affected
EdimaxBR-6288ACL1.2affected
EdimaxBR-6288ACL1.3affected
EdimaxBR-6288ACL1.4affected
EdimaxBR-6288ACL1.5affected
EdimaxBR-6288ACL1.6affected
EdimaxBR-6288ACL1.7affected
EdimaxBR-6288ACL1.8affected
EdimaxBR-6288ACL1.9affected
EdimaxBR-6288ACL1.10affected
EdimaxBR-6288ACL1.11affected
EdimaxBR-6288ACL1.12affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References