Description
A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Manipulation of the argument L2TPUserName leads to a buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-24
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow vulnerability exists in the formL2TPSetup handler of Edimax BR-6675nD firmware 1.12. Crafting the L2TPUserName field of a POST request to /goform/formL2TPSetup can corrupt memory, potentially allowing an attacker to execute arbitrary code or cause a denial of service. The flaw is categorized as CWE-119 and CWE-120 and carries a CVSS score of 8.7, indicating a serious security risk.

Affected Systems

Devices running Edimax BR-6675nD firmware 1.12 are affected.

Risk and Exploitability

The vulnerability is exploitable remotely through a crafted HTTP POST request. The CVSS vectors recorded for this entry specify low privileges required (PR:L, and Au:S in CVSS v2), so the attacker must be authenticated to the device. No EPSS data is available and the flaw is not currently listed in the CISA KEV catalog, but the high CVSS score and the public disclosure of the exploit suggest a significant risk of exploitation. If exploited, the attacker could gain remote code execution or cause service disruption on the device.

Generated by OpenCVE AI on May 24, 2026 at 13:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Immediately block or disable access to the /goform/formL2TPSetup POST endpoint, or disable the L2TP service on the device to prevent exploitation.
  • Check for and install any available firmware update from Edimax that addresses the buffer overflow; applying the vendor fix is the most reliable remediation.
  • Apply network segmentation or firewall rules to restrict remote access to the device to trusted IP addresses only, reducing the attack surface until a patch is available.

Advisories

No advisories yet.

History

Sun, 24 May 2026 12:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Title | | Edimax BR-6675nD POST Request formL2TPSetup buffer overflow |
| First Time appeared | | Edimax; Edimax br-6675nd |
| Weaknesses | | CWE-119; CWE-120 |
| CPEs | | cpe:2.3:a:edimax:br-6675nd:\*:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Edimax; Edimax br-6675nd |
| References | | |
| Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}; cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T12:15:10.003Z

Reserved: 2026-05-23T14:59:07.427Z

Link: CVE-2026-9380

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-24T13:30:15Z

Weaknesses