Description
A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-03
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow in the /goform/setWAN functionality of Edimax BR‑6208AC firmware up to version 1.02. By manipulating the pptpDfGateway argument the attacker can overflow an internal buffer, potentially leading to arbitrary code execution on the device.

Affected Systems

The affected product is Edimax BR‑6208AC routers. All firmware releases through version 1.02 are impacted. No other products or versions are listed as affected.

Risk and Exploitability

The flaw carries a CVSS score of 8.7, classifying it as high severity. The EPSS is not available and the issue is not listed in CISA’s KEV catalog; however, the attack vector is remote, reachable via the web interface or the gateway configuration interface. Because the exploit code is public, an attacker who can reach the device from the network can trigger the overflow and potentially execute arbitrary code, compromising the confidentiality, integrity, and availability of the device and connected networks.

Generated by OpenCVE AI on May 3, 2026 at 08:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to the latest version that fixes the setWAN buffer overflow once it becomes available from Edimax.
  • If an update is not yet released, block external access to the /goform/setWAN endpoint using a firewall rule or access control list to prevent remote manipulation of pptpDfGateway.
  • If possible, disable PPTP functionality or reconfigure the router so that pptpDfGateway is set to a safe default value; otherwise restrict the configuration interface to trusted internal networks only.
  • Continuously monitor device logs for suspicious activity and apply additional network segmentation to isolate critical infrastructure.

Advisories

No advisories yet.

History

Sun, 03 May 2026 09:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Edimax br-6208ac
Vendors & Products | | Edimax br-6208ac

Sun, 03 May 2026 07:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Edimax BR-6208AC setWAN buffer overflow
First Time appeared | | Edimax; Edimax br-6208ac Firmware
Weaknesses | | CWE-119; CWE-120
CPEs | | cpe:2.3:o:edimax:br-6208ac_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Edimax; Edimax br-6208ac Firmware
References | |
Metrics | | cvssV2_0 {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0 {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-03T07:00:12.291Z

Reserved: 2026-05-02T11:05:41.120Z

Link: CVE-2026-7685

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-03T07:16:25.390

Modified: 2026-05-03T07:16:25.390

Link: CVE-2026-7685

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-03T09:00:10Z

Weaknesses