CVE-2026-9346

Summary

A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
EdimaxEW-7438RPn1.0affected
EdimaxEW-7438RPn1.1affected
EdimaxEW-7438RPn1.2affected
EdimaxEW-7438RPn1.3affected
EdimaxEW-7438RPn1.4affected
EdimaxEW-7438RPn1.5affected
EdimaxEW-7438RPn1.6affected
EdimaxEW-7438RPn1.7affected
EdimaxEW-7438RPn1.8affected
EdimaxEW-7438RPn1.9affected
EdimaxEW-7438RPn1.10affected
EdimaxEW-7438RPn1.11affected
EdimaxEW-7438RPn1.12affected
EdimaxEW-7438RPn1.13affected
EdimaxEW-7438RPn1.14affected
EdimaxEW-7438RPn1.15affected
EdimaxEW-7438RPn1.16affected
EdimaxEW-7438RPn1.17affected
EdimaxEW-7438RPn1.18affected
EdimaxEW-7438RPn1.19affected
EdimaxEW-7438RPn1.20affected
EdimaxEW-7438RPn1.21affected
EdimaxEW-7438RPn1.22affected
EdimaxEW-7438RPn1.23affected
EdimaxEW-7438RPn1.24affected
EdimaxEW-7438RPn1.25affected
EdimaxEW-7438RPn1.26affected
EdimaxEW-7438RPn1.27affected
EdimaxEW-7438RPn1.28affected
EdimaxEW-7438RPn1.29affected
EdimaxEW-7438RPn1.30affected
EdimaxEW-7438RPn1.31affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References