Description
A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-24
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in the formWirelessTbl function of the web interface on the Edimax EW-7438RPn. Manipulating the submit-url argument triggers the overflow, which an attacker can exploit remotely to execute arbitrary code and compromise the device’s integrity, confidentiality, and availability.

Affected Systems

The flaw affects Edimax EW-7438RPn firmware versions up to 1.31.

Risk and Exploitability

With a CVSS score of 8.7 and a published exploit, the vulnerability presents a high risk. Though the EPSS score is unavailable and the vulnerability is not in the CISA KEV list, the remote attack vector and known exploits suggest it is likely to be targeted. Successful exploitation would give attackers full control over the device.

Generated by OpenCVE AI on May 24, 2026 at 02:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to a version newer than 1.31 that resolves the buffer overflow, once the vendor provides one.
  • If a firmware update is unavailable, limit external access to the /goform/formWirelessTbl URL by applying firewall or ACL rules to block unsolicited traffic.
  • Continuously monitor device logs for anomalous activity around the formWirelessTbl endpoint and verify that no known exploit code is running on the network.

Advisories

No advisories yet.

History

Sun, 24 May 2026 01:30:00 +0000

Type | Values Removed | Values Added
Description | | A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Edimax EW-7438RPn webs formWirelessTbl buffer overflow
First Time appeared | | Edimax; Edimax ew-7438rpn
Weaknesses | | CWE-119; CWE-120
CPEs | | cpe:2.3:a:edimax:ew-7438rpn:*:*:*:*:*:*:*:*
Vendors & Products | | Edimax; Edimax ew-7438rpn
References | |
Metrics (cvssV2_0) | | score 9, vector AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
Metrics (cvssV3_0) | | score 8.8, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Metrics (cvssV3_1) | | score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Metrics (cvssV4_0) | | score 8.7, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T00:30:12.125Z

Reserved: 2026-05-23T08:32:26.551Z

Link: CVE-2026-9346

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-24T02:30:05Z

Weaknesses