Description
A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulation of the argument pptpUserName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-18
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow occurs in the formPPTPSetup function of the Edimax BR-6428NS router firmware 1.10 when an attacker manipulates the pptpUserName argument of a POST request to the /goform/formPPTPSetup endpoint. The overflow can corrupt memory and, as with buffer overflows in general, may lead to arbitrary code execution or a system crash. The description states that the attack can be launched remotely, so the attacker needs no local access to the device, only network reachability to the vulnerable endpoint. The CVSS vectors recorded for this CVE (PR:L in v3.x and v4.0, Au:S in v2.0) indicate that the request must come from an authenticated, low-privileged session.

Affected Systems

The affected system is the Edimax BR-6428NS router running firmware version 1.10. No other versions are explicitly listed as vulnerable in the data provided.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity vulnerability. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, but the fact that an exploit has been publicly disclosed and can be triggered remotely raises the likelihood of exploitation. Attackers can send malicious POST requests to the router’s HTTP interface to exploit the buffer overflow. In the absence of an official patch, the risk remains high until remediation steps are applied.

Generated by OpenCVE AI on May 18, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Block external access to the router’s HTTP interface or restrict it to trusted networks
  • Disable the PPTP configuration feature or block the /goform/formPPTPSetup endpoint if the router allows it
  • When a vendor patch is released, upgrade the firmware to the latest version that addresses the overflow

Advisories

No advisories yet.

History

Mon, 18 May 2026 02:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Edimax br-6428ns |
| Vendors & Products | | Edimax br-6428ns |

Mon, 18 May 2026 01:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulation of the argument pptpUserName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Title | | Edimax BR-6428NS POST Request formPPTPSetup buffer overflow |
| First Time appeared | | Edimax, Edimax br-6428ns Firmware |
| Weaknesses | | CWE-119, CWE-120 |
| CPEs | | cpe:2.3:o:edimax:br-6428ns_firmware:*:*:*:*:*:*:*:* |
| Vendors & Products | | Edimax, Edimax br-6428ns Firmware |
| References | | |
| Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}; cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-18T00:45:09.768Z

Reserved: 2026-05-17T09:41:27.271Z

Link: CVE-2026-8776

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-18T02:16:36.803

Modified: 2026-05-18T02:16:36.803

Link: CVE-2026-8776

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-18T02:30:15Z

Weaknesses