Description
A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulation of the argument stadrv_ssid results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-18
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the formStaDrvSetup endpoint of the router's web interface. An attacker can inject arbitrary shell commands by manipulating the stadrv_ssid parameter sent via an HTTP POST request. This leads to remote command execution on the device. The weakness is a classic command‑injection flaw classified as CWE‑74 and CWE‑77.

Affected Systems

Affected is the Edimax BR‑6428NS router running firmware version 1.10. The CVE applies to all devices carrying that firmware build because the vulnerable code resides in the /goform/formStaDrvSetup API.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. The EPSS score is not available, and the vulnerability has not yet entered the CISA KEV catalog. Exploitation is possible over the internet, and public proof‑of‑concept code exists. Attackers only need to send a crafted POST request to the vulnerable endpoint; no local or privileged access prerequisites are required.

Generated by OpenCVE AI on May 18, 2026 at 02:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Firmware Upgrade – download and install the latest Edimax BR‑6428NS firmware that removes the vulnerable code or sanitizes the stadrv_ssid input.
  • Restrict Remote Access – disable wireless remote management or limit the router’s web interface to LAN only, and configure a firewall to block the /goform/formStaDrvSetup path from external networks.
  • Input Validation – if a firmware upgrade is not immediately possible, configure the router to reject POST requests containing the stadrv_ssid parameter or enforce strict length checks.

Generated by OpenCVE AI on May 18, 2026 at 02:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Edimax br-6428ns
Vendors & Products Edimax br-6428ns

Mon, 18 May 2026 01:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulation of the argument stadrv_ssid results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Edimax BR-6428NS POST Request formStaDrvSetup command injection
First Time appeared Edimax
Edimax br-6428ns Firmware
Weaknesses CWE-74
CWE-77
CPEs cpe:2.3:o:edimax:br-6428ns_firmware:*:*:*:*:*:*:*:*
Vendors & Products Edimax
Edimax br-6428ns Firmware
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Edimax Br-6428ns Br-6428ns Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-18T01:00:15.494Z

Reserved: 2026-05-17T09:41:29.803Z

Link: CVE-2026-8777

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-18T02:16:36.990

Modified: 2026-05-18T02:16:36.990

Link: CVE-2026-8777

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T02:30:15Z

Weaknesses