Description
A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-23
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The firmware of the Edimax BR‑6428NS contains a buffer overflow in the POST Request Handler for the formWirelessTbl endpoint. Manipulating the vapurl argument writes data beyond the bounds of a fixed memory region, a classic memory safety flaw classified under CWE‑119 and CWE‑120. If exploited, the overflow can allow an attacker to overwrite control data and potentially execute arbitrary code, which amounts to remote code execution.

Affected Systems

The only affected version listed is the 1.10 firmware of the Edimax BR‑6428NS. No other versions are recorded in the CNA data and the entire device model Edimax BR‑6428NS is implicated.

Risk and Exploitability

The CVSS score of 8.7 signifies a high severity vulnerability. EPSS data is not available, but the presence of a publicly available exploit implies that the risk of an attack is real. The vulnerability can be triggered remotely through a crafted POST request, with no authentication or local privilege needed, which makes it highly attractive to attackers. The device is currently listed outside the CISA KEV catalog, but the public nature of the exploit demands urgent attention.

Generated by OpenCVE AI on May 23, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the BR‑6428NS firmware to the latest version that removes the buffer overflow or apply a vendor patch as soon as one becomes available.
  • If an update is not yet released, isolate the device from the internet by restricting inbound traffic to the web management interface or block the /goform/formWirelessTbl endpoint using a firewall or ACL.
  • As a temporary measure, consider disabling or unlinking the web management interface altogether, or relocate the device to a secure, segmented network that limits exposure.

Generated by OpenCVE AI on May 23, 2026 at 09:20 UTC.

Advisories

No advisories yet.

History

Sat, 23 May 2026 09:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Edimax br-6428ns |
| Vendors & Products | | Edimax br-6428ns |

Sat, 23 May 2026 08:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
| Title | | Edimax BR-6428NS POST Request formWirelessTbl buffer overflow |
| First Time appeared | | Edimax; Edimax br-6428ns Firmware |
| Weaknesses | | CWE-119; CWE-120 |
| CPEs | | cpe:2.3:o:edimax:br-6428ns_firmware:*:*:*:*:*:*:*:* |
| Vendors & Products | | Edimax; Edimax br-6428ns Firmware |
| References | | |
| Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}; cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-23T07:45:08.253Z

Reserved: 2026-05-22T17:38:39.858Z

Link: CVE-2026-9295

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-23T09:30:14Z

Weaknesses