Description
A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TPUserName causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-18
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow in the formL2TPSetup function of the Edimax BR-6428NS firmware allows a remote attacker to manipulate the L2TPUserName field in a POST request, potentially leading to arbitrary code execution on the router. The flaw stems from improper restriction of operations within the bounds of a memory buffer (CWE-119), specifically a buffer copy without checking the size of the input (CWE-120). Because the vulnerable endpoint is reachable over the network, the impact escalates to remote code execution, compromising the confidentiality, integrity and availability of the device.

Affected Systems

The vulnerability affects the Edimax BR-6428NS router with firmware version 1.10. No other versions or variants are currently listed as impacted.

Risk and Exploitability

The CVSS v4.0 score is 8.7 (v3.1: 8.8), indicating high severity. Note that every published vector records a low-privilege requirement (PR:L in v3.x/v4.0, Au:S in v2.0), so the attacker needs at least a low-privileged account on the device's web interface. The EPSS score is not available, but an exploit has been published and the vulnerability can be triggered remotely via a POST request to /goform/formL2TPSetup. The lack of a vendor response and the public availability of the exploit increase the risk of real-world attacks, although the exact exploitation probability cannot be quantified in the absence of EPSS data. The vulnerability is not yet listed in the CISA KEV catalog, but the combination of a public exploit, a high CVSS score and a remote attack vector still warrants serious attention.

Generated by OpenCVE AI on May 18, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to a version that fixes the buffer overflow, once the vendor publishes one
  • Until a patch is available, disable the L2TP service or block remote POST requests to /goform/formL2TPSetup using firewall rules or the router's access control
  • Restrict remote administration to trusted networks or VPN only
  • Monitor router logs for anomalous POST activity and implement network segmentation to limit exposure


Advisories

No advisories yet.

History

Mon, 18 May 2026 02:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Edimax br-6428ns
Vendors & Products | | Edimax br-6428ns

Mon, 18 May 2026 01:30:00 +0000

Type | Values Removed | Values Added
Description | | A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TPUserName causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Edimax BR-6428NS POST Request formL2TPSetup buffer overflow
First Time appeared | | Edimax; Edimax br-6428ns Firmware
Weaknesses | | CWE-119; CWE-120
CPEs | | cpe:2.3:o:edimax:br-6428ns_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Edimax; Edimax br-6428ns Firmware
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-18T00:30:11.484Z

Reserved: 2026-05-17T09:41:24.726Z

Link: CVE-2026-8775

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-18T02:16:36.627

Modified: 2026-05-18T02:16:36.627

Link: CVE-2026-8775

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-18T02:30:15Z

Weaknesses