Description
A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-03
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in the /goform/setWAN function of Edimax BR-6428nC firmware versions up to 1.16. The vulnerable argument pptpDfGateway allows an attacker to overwrite critical stack data, potentially enabling arbitrary code execution or system compromise. This weakness is identified as CWE-119 and CWE-120 and directly affects confidentiality, integrity, and availability of the device.

Affected Systems

The vulnerability impacts Edimax BR-6428nC routers with firmware 1.16 or earlier. No other vendors or product lines are affected according to the CNA data.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. EPSS information is unavailable and the vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited. However, the attack can be launched remotely via the setWAN endpoint, and the exploit is publicly disclosed. Attackers can target the router over a network to trigger the overflow, likely achieving remote code execution. The risk remains significant until a patch or mitigation is applied.

Generated by OpenCVE AI on May 3, 2026 at 08:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to the latest version that removes the vulnerability (version higher than 1.16).
  • If no patch is immediately available, block inbound traffic to the /goform/setWAN endpoint using firewall rules or deny management access from untrusted networks.
  • As a temporary workaround, disable PPTP functionality on the affected device to prevent the specific overflow path.



Advisories

No advisories yet.

History

Sun, 03 May 2026 07:15:00 +0000

Values Removed: (none)

Values Added:

Description: A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title: Edimax BR-6428nC setWAN buffer overflow
Weaknesses: CWE-119, CWE-120
References:
Metrics:
cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}



MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-03T06:45:10.650Z

Reserved: 2026-05-02T11:05:22.746Z

Link: CVE-2026-7684

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-03T07:16:25.200

Modified: 2026-05-03T07:16:25.200

Link: CVE-2026-7684

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-03T08:30:06Z

Weaknesses