CVE-2026-10165 - Vulnerability Details

- Edimax BR-6478AC POST Request formWanTcpipSetup stack-based overflow

Description

A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used.

Published: 2026-05-31

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the formWanTcpipSetup handler of the Edimax BR-6478AC firmware. Input validation of the pppUserName field allows an attacker to send a crafted value that overflows a stack buffer, potentially corrupting execution state. The wording in the description indicates that this can lead to arbitrary code execution or a denial‑of‑service condition by corrupting memory on the affected device. The weakness is classified as a buffer overflow (CWE-119) and a stack-based buffer overflow (CWE-121).

Affected Systems

The affected product is the Edimax BR‑6478AC router, specifically firmware version 1.23. End users operating older firmware should verify the version and assess the risk of this vulnerability. No other vendors or product lines are listed.

Risk and Exploitability

The CVSS score of 8.7 classifies the flaw as high severity. EPSS data is unavailable, yet the public note that an exploit exists and can be executed remotely suggests a realistic threat. The vulnerability can be triggered from a remote host via the publicly exposed POST endpoint at /goform/formWanTcpipSetup, making it directly exploitable over the network. The device is not listed in the CISA KEV catalog, but given the public availability of the exploitation code, administrators should treat it as an immediate risk.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Edimax

BR-6478AC

affected

Version	Status	Constraints
`1.23`	affected	—

No data.

Vendor Product Confidence Versions

Edimax

Br-6478ac

100%

Version	Status	Scheme	Platform
`1.23`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the vendor‑supplied firmware update that addresses the formWanTcpipSetup buffer overflow.
If an update is not yet available, restrict external access to the router’s web interface by configuring firewall rules so that only trusted IP addresses can reach the POST endpoint.
In the interim, monitor the device for abnormal crashes or execution of unexpected processes, and log all requests to /goform/formWanTcpipSetup for anomalous payloads.

Generated by OpenCVE AI on May 31, 2026 at 04:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-formWanTcpipSetup-34b53a41781f8013a811da2b3c8b7aa3?source=copy_link
https://vuldb.com/submit/818601
https://vuldb.com/vuln/367419
https://vuldb.com/vuln/367419/cti

History

Sun, 31 May 2026 04:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Edimax br-6478ac
Vendors & Products		Edimax br-6478ac

Sun, 31 May 2026 03:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used.
Title		Edimax BR-6478AC POST Request formWanTcpipSetup stack-based overflow
First Time appeared		Edimax Edimax br-6478ac Firmware
Weaknesses		CWE-119 CWE-121
CPEs		cpe:2.3:o:edimax:br-6478ac_firmware::::::::
Vendors & Products		Edimax Edimax br-6478ac Firmware
References		https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-formWanTcpipSetup-34b53a41781f8013a811da2b3c8b7aa3?source=copy_link https://vuldb.com/submit/818601 https://vuldb.com/vuln/367419 https://vuldb.com/vuln/367419/cti
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Edimax Br-6478ac Br-6478ac Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-31T03:00:10.931Z

Updated: 2026-05-31T03:00:10.931Z

Reserved: 2026-05-30T07:04:45.643Z

Link: CVE-2026-10165

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-31T04:16:19.510

Modified: 2026-05-31T04:16:19.510

Link: CVE-2026-10165

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-31T05:00:12Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object