Description
A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redirect. The attack can be initiated remotely. The exploit has been published and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-02-05
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Open Redirect via web form
Action: Monitor
AI Analysis

Impact

A flaw in the formStaDrvSetup web interface of the Edimax BR‑6258n router allows an attacker to manipulate the submit‑url argument and trigger an open redirect, enabling malicious sites to be loaded in the context of the device’s web management console. This constitutes a CWE‑601 weakness that can be exploited remotely. While it does not provide direct code execution, the redirect can assist phishing or facilitate other social‑engineering attacks against users of the device.

Affected Systems

The affected product is the Edimax BR‑6258n router, firmware versions up to and including 1.18. The product is end‑of‑life and the vendor has not released a patch, only announcing that a consolidated security advisory will be posted on their support site.

Risk and Exploitability

The vulnerability has a CVSS score of 5.1, indicating moderate severity, and an EPSS score of less than 1 %, reflecting a low likelihood of exploitation. It is not listed in the CISA KEV catalog. The attacker can craft a URL that calls the vulnerable form and, without any user input after submission, redirects the browser to an arbitrary target. Because the attack vector is remote via HTTP access to the router’s management interface, unrestricted access to the device amplifies risk.

Generated by OpenCVE AI on April 17, 2026 at 22:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Edimax support site for a security advisory and apply any firmware update or configuration fix when released
  • Restrict external access to the router’s web management interface using firewall rules or by disabling remote management entirely
  • Configure network or device firewall settings to block or sanitize redirect attempts from the formStaDrvSetup handler

Generated by OpenCVE AI on April 17, 2026 at 22:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Edimax br-6258n Firmware
CPEs cpe:2.3:h:edimax:br-6258n:-:*:*:*:*:*:*:*
cpe:2.3:o:edimax:br-6258n_firmware:*:*:*:*:*:*:*:*
Vendors & Products Edimax br-6258n Firmware

Fri, 06 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Edimax
Edimax br-6258n
Vendors & Products Edimax
Edimax br-6258n

Thu, 05 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redirect. The attack can be initiated remotely. The exploit has been published and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer.
Title Edimax BR-6258n formStaDrvSetup redirect
Weaknesses CWE-601
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Edimax Br-6258n Br-6258n Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:19:04.115Z

Reserved: 2026-02-05T13:19:47.470Z

Link: CVE-2026-1970

cve-icon Vulnrichment

Updated: 2026-02-06T20:27:44.494Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-05T22:15:53.900

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-1970

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T23:00:12Z

Weaknesses