Description
A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-23
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic stack-based buffer overflow triggered by the pppUserName parameter in the formWanTcpipSetup function of the /goform/formWanTcpipSetup POST request handler. An attacker can supply a username longer than the buffer allows, causing a memory overwrite that can lead to arbitrary code execution on the device. This is a high-severity issue classified under CWE-119 and CWE-120.

Affected Systems

The affected systems are Edimax BR-6428NS routers running firmware 1.10, as documented in the disclosure. Any device using that specific firmware revision and exposing the formWanTcpipSetup POST endpoint is vulnerable.

Risk and Exploitability

The CVSS score of 8.7 indicates a high risk level, and the disclosure notes that an exploit is publicly available and can be launched remotely. The EPSS score is not reported, but the publicly available exploit and the lack of vendor response raise concern. Based on the description, the likely attack vector is remote over the router's web management interface: an attacker can send a crafted HTTP POST request to /goform/formWanTcpipSetup from outside the local network. The vulnerability can be exploited without local access and, given the lack of stated restrictions, may not require authentication. Note, however, that the CVSS vectors recorded in the history below carry PR:L (v3.x/v4.0) and Au:S (v2.0), i.e. the scorers assumed that low-privilege authentication is needed, so the no-authentication reading should be treated as unconfirmed. This risk, coupled with the high CVSS score, makes immediate remediation necessary.

Generated by OpenCVE AI on May 23, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware that addresses this issue; if none exists, contact the vendor for a patch.
  • Restrict access to the router’s web management interface by configuring firewall rules or enabling VLAN isolation so that only trusted local networks can reach the /goform endpoint.
  • If a patch is not yet available, mitigate the risk by limiting the size and content of the pppUserName field—implement input validation or disable the affected POST endpoint for external traffic through router configuration or a web application firewall.
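As an added illustration of the third action (a pre-filter placed in front of the affected endpoint; this is example code, not Edimax firmware or an OpenCVE artefact), the following Python check rejects POSTs to /goform/formWanTcpipSetup whose pppUserName is oversized or malformed. The 64-byte cap, the control-character rule and the sample bodies are assumptions, since the size of the on-device buffer is not published.

```python
from urllib.parse import parse_qs

# Assumed policy values (not from the advisory): the real on-device buffer size
# is unknown, so the cap is a conservative upper bound for a PPPoE username.
PROTECTED_PATH = "/goform/formWanTcpipSetup"
MAX_PPP_USERNAME = 64


def check_request(method: str, path: str, body: bytes,
                  max_len: int = MAX_PPP_USERNAME) -> tuple[bool, str]:
    """Return (allowed, reason) for one HTTP request seen by the filter.

    Only POSTs to the affected endpoint are inspected; everything else passes.
    The body is parsed as application/x-www-form-urlencoded, the encoding the
    router's form handler consumes, so the length is measured after percent
    decoding rather than on the raw bytes.
    """
    if method.upper() != "POST" or path.split("?", 1)[0] != PROTECTED_PATH:
        return True, "not the protected endpoint"
    try:
        form = parse_qs(body.decode("utf-8"), keep_blank_values=True)
    except UnicodeDecodeError:
        return False, "body is not valid UTF-8"
    values = form.get("pppUserName", [])
    if len(values) > 1:
        # Duplicate fields are a classic way to confuse a parser; reject outright.
        return False, "pppUserName supplied more than once"
    for value in values:
        decoded_len = len(value.encode("utf-8"))
        if decoded_len > max_len:
            return False, f"pppUserName too long ({decoded_len} > {max_len} bytes)"
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            return False, "pppUserName contains control characters"
    return True, "ok"


# Constructed sample request bodies (not real captures).
SAMPLE_OK = b"wanType=pppoe&pppUserName=user%40isp.example&pppPassword=secret"
SAMPLE_OVERSIZED = b"wanType=pppoe&pppUserName=" + b"A" * 512 + b"&pppPassword=x"

if __name__ == "__main__":
    for name, body in (("ok", SAMPLE_OK), ("oversized", SAMPLE_OVERSIZED)):
        allowed, reason = check_request("POST", PROTECTED_PATH, body)
        print(f"{name}: {'allow' if allowed else 'block'} ({reason})")
```

Such a filter is a stop-gap in front of the management interface, not a substitute for restricting who can reach it.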

Tracking


Advisories

No advisories yet.

History

Sat, 23 May 2026 09:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Edimax br-6428ns
Vendors & Products                    Edimax br-6428ns

Sat, 23 May 2026 08:00:00 +0000

Type                 Values Removed   Values Added
Description                           A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title                                 Edimax BR-6428NS POST Request formWanTcpipSetup buffer overflow
First Time appeared                   Edimax
                                      Edimax br-6428ns Firmware
Weaknesses                            CWE-119
                                      CWE-120
CPEs                                  cpe:2.3:o:edimax:br-6428ns_firmware:*:*:*:*:*:*:*:*
Vendors & Products                    Edimax
                                      Edimax br-6428ns Firmware
References
Metrics                               cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
                                      cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
                                      cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
                                      cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Edimax, Br-6428ns, Br-6428ns Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-23T07:30:10.071Z

Reserved: 2026-05-22T17:38:37.055Z

Link: CVE-2026-9294

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-23T09:30:14Z

Weaknesses