CVE-2026-7683

Summary

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
EdimaxBR-6428nC1.0affected
EdimaxBR-6428nC1.1affected
EdimaxBR-6428nC1.2affected
EdimaxBR-6428nC1.3affected
EdimaxBR-6428nC1.4affected
EdimaxBR-6428nC1.5affected
EdimaxBR-6428nC1.6affected
EdimaxBR-6428nC1.7affected
EdimaxBR-6428nC1.8affected
EdimaxBR-6428nC1.9affected
EdimaxBR-6428nC1.10affected
EdimaxBR-6428nC1.11affected
EdimaxBR-6428nC1.12affected
EdimaxBR-6428nC1.13affected
EdimaxBR-6428nC1.14affected
EdimaxBR-6428nC1.15affected
EdimaxBR-6428nC1.16affected

Weaknesses

  • CWE-77: Command Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References