CVE-2026-9343

Summary

A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argument pinCode causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
EdimaxEW-7438RPn1.0affected
EdimaxEW-7438RPn1.1affected
EdimaxEW-7438RPn1.2affected
EdimaxEW-7438RPn1.3affected
EdimaxEW-7438RPn1.4affected
EdimaxEW-7438RPn1.5affected
EdimaxEW-7438RPn1.6affected
EdimaxEW-7438RPn1.7affected
EdimaxEW-7438RPn1.8affected
EdimaxEW-7438RPn1.9affected
EdimaxEW-7438RPn1.10affected
EdimaxEW-7438RPn1.11affected
EdimaxEW-7438RPn1.12affected
EdimaxEW-7438RPn1.13affected
EdimaxEW-7438RPn1.14affected
EdimaxEW-7438RPn1.15affected
EdimaxEW-7438RPn1.16affected
EdimaxEW-7438RPn1.17affected
EdimaxEW-7438RPn1.18affected
EdimaxEW-7438RPn1.19affected
EdimaxEW-7438RPn1.20affected
EdimaxEW-7438RPn1.21affected
EdimaxEW-7438RPn1.22affected
EdimaxEW-7438RPn1.23affected
EdimaxEW-7438RPn1.24affected
EdimaxEW-7438RPn1.25affected
EdimaxEW-7438RPn1.26affected
EdimaxEW-7438RPn1.27affected
EdimaxEW-7438RPn1.28affected
EdimaxEW-7438RPn1.29affected
EdimaxEW-7438RPn1.30affected
EdimaxEW-7438RPn1.31affected

Weaknesses

  • CWE-78: OS Command Injection
  • CWE-77: Command Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References