Description
A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-03
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in the /goform/setWAN function of Edimax BR-6428nC firmware versions up to 1.16. The vulnerable argument pptpDfGateway allows an attacker to overwrite critical stack data, potentially enabling arbitrary code execution or system compromise. This weakness is identified as CWE-119 and CWE-120 and directly affects confidentiality, integrity, and availability of the device.

Affected Systems

The vulnerability impacts Edimax BR-6428nC routers with firmware 1.16 or earlier. No other vendors or product lines are affected according to the CNA data.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. EPSS information is unavailable and the vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited. However, the attack can be launched remotely via the setWAN endpoint, and the exploit is publicly disclosed. Attackers can target the router over a network to trigger the overflow, likely achieving remote code execution. The risk remains significant until a patch or mitigation is applied.

Generated by OpenCVE AI on May 3, 2026 at 08:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a version higher than 1.16 that removes the vulnerability, once the vendor provides one.
  • If no patch is immediately available, block inbound traffic to the /goform/setWAN endpoint using firewall rules or deny management access from untrusted networks.
  • As a temporary workaround, disable PPTP functionality on the affected device to prevent the specific overflow path.



Advisories

No advisories yet.

History

Mon, 04 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 May 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Edimax
Edimax br-6428nc
Vendors & Products Edimax
Edimax br-6428nc

Sun, 03 May 2026 07:15:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Edimax BR-6428nC setWAN buffer overflow
Weaknesses CWE-119
CWE-120
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T17:50:56.333Z

Reserved: 2026-05-02T11:05:22.746Z

Link: CVE-2026-7684

Vulnrichment

Updated: 2026-05-04T16:22:28.065Z

NVD

Status: Deferred

Published: 2026-05-03T07:16:25.200

Modified: 2026-05-05T19:30:15.207

Link: CVE-2026-7684

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T16:06:34Z
