Description
A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-03
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Edimax BR‑6428nC router firmware (up to version 1.16) permits attackers to inject arbitrary shell commands through the pppUserName or pptpUserName parameters on the /goform/setWAN web interface. This command injection (CWE‑74) is aggravated by improper validation of user‑supplied input (CWE‑77). Based on the description, it is inferred that exploitation could execute commands with the privileges of the web service, potentially allowing full control of the router and the networks it manages.

Affected Systems

Edimax BR‑6428nC routers with firmware versions 1.16 or earlier are affected. The vulnerability is located in the /goform/setWAN endpoint of the router’s web interface.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and EPSS information is not available. However, a publicly available proof‑of‑concept has been released, enabling attackers to launch the exploit remotely over HTTP/HTTPS. While the vulnerability is not listed in the CISA KEV catalog, the ability to inject arbitrary commands from external hosts represents a tangible threat that warrants prompt remediation.

Generated by OpenCVE AI on May 3, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to a version that includes a fix for the setWAN command injection vulnerability.
  • If a patched firmware is not immediately available, block external access to the router’s web interface (ports 80 and 443) by configuring firewall rules or access‑control lists, allowing management only from trusted local or VPN addresses.
  • Enable logging on the router and monitor for anomalous requests to the /goform/setWAN endpoint, establishing alerts for suspicious activity.

Generated by OpenCVE AI on May 3, 2026 at 09:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 03 May 2026 07:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title Edimax BR-6428nC Web setWAN command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-03T06:30:11.859Z

Reserved: 2026-05-02T11:05:17.200Z

Link: CVE-2026-7683

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-03T07:16:25.010

Modified: 2026-05-03T07:16:25.010

Link: CVE-2026-7683

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-03T09:30:16Z

Weaknesses