Description
A flaw has been found in Edimax BR-6675nD 1.12. Affected by this issue is the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Executing a manipulation of the argument pptpUserName can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-24
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in the formPPTPSetup function of the POST Request Handler on the Edimax BR‑6675nD router. The overflow is triggered when a long pptpUserName value is sent to the /goform/formPPTPSetup endpoint, allowing an attacker to overwrite memory and potentially execute arbitrary code. The flaw is classified as CWE‑119 (buffer overflow). The available information lists no vendor patch, and the exploit is publicly available.

Affected Systems

The vulnerability affects the Edimax BR‑6675nD router running firmware version 1.12. Users of this model should verify the firmware version and apply updates when available.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity condition. Although a precise EPSS value is not provided, the presence of a published exploit and the remote nature of the attack vector increase the risk assessment. The flaw is not listed in CISA’s KEV catalog, but the active exploitation potential warrants immediate remedial action through vendor updates or other mitigations. The most probable attack path involves an unauthenticated external attacker sending a crafted HTTP POST request to /goform/formPPTPSetup with an excessively long pptpUserName field to trigger the overflow.

Generated by OpenCVE AI on May 24, 2026 at 14:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update or upgrade the router firmware to a version that resolves the formPPTPSetup buffer overflow.
  • Restrict external access to the router’s management interface by placing the device behind a firewall and limiting inbound connections to trusted IP ranges.
  • If the router does not need PPTP functionality, disable the PPTP service or remove the form from the management web interface.

Generated by OpenCVE AI on May 24, 2026 at 14:35 UTC.
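
With no vendor fix available, one way to enforce the access restriction above is a length check in front of the management interface. This is an added example, not OpenCVE or vendor code: it classifies raw HTTP requests and blocks POSTs to /goform/formPPTPSetup whose pptpUserName exceeds a ceiling. MAX_FIELD_LEN, the function names and the sample requests are assumptions; the page does not state the buffer size.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/goform/formpptpsetup"  # advisory's endpoint, lowercased for matching
TARGET_FIELD = "pptpUserName"          # argument named in the advisory
MAX_FIELD_LEN = 64  # ASSUMPTION: local policy ceiling; the advisory gives no buffer size


def inspect_request(raw: bytes, max_len: int = MAX_FIELD_LEN) -> str:
    """Return 'ignore', 'allow' or 'block' for one raw HTTP/1.x request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return "block"  # malformed request line: fail closed
    method, target, _version = parts
    # Decode the path and ignore case and query string, so an encoded or
    # re-cased path cannot slip past the filter (over-matching is harmless here).
    path = unquote(urlsplit(target).path).lower()
    if method.upper() != "POST" or path != TARGET_PATH:
        return "ignore"
    # latin-1 maps one byte to one character, so len() below counts decoded bytes.
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                       encoding="latin-1")
    # A repeated parameter is judged by its longest value: we do not know
    # which copy the firmware reads.
    longest = max((len(v) for k, v in fields if k == TARGET_FIELD), default=0)
    return "block" if longest > max_len else "allow"


def sample_request(target: str, body: str) -> bytes:
    """Build a constructed POST request (not captured traffic)."""
    return (f"POST {target} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


SAMPLES = {  # constructed inputs
    "normal": sample_request("/goform/formPPTPSetup", "pptpUserName=alice"),
    "oversized": sample_request("/goform/formPPTPSetup", "pptpUserName=" + "x" * 200),
    "encoded-short": sample_request("/goform/formPPTPSetup", "pptpUserName=" + "%78" * 30),
    "duplicate": sample_request("/goform/formPPTPSetup",
                                "pptpUserName=a&pptpUserName=" + "x" * 100),
    "other-page": sample_request("/index.asp", "pptpUserName=" + "x" * 200),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} {inspect_request(raw)}")
```

The length is measured after percent-decoding, so a short value sent fully encoded is not a false positive and an encoded path still matches the filter.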

Advisories

No advisories yet.

History

Sun, 24 May 2026 13:15:00 +0000

Type: Values Added (the Values Removed column is empty)
Description: A flaw has been found in Edimax BR-6675nD 1.12. Affected by this issue is the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Executing a manipulation of the argument pptpUserName can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title: Edimax BR-6675nD POST Request formPPTPSetup buffer overflow
First Time appeared: Edimax; Edimax br-6675nd
Weaknesses: CWE-119; CWE-120
CPEs: cpe:2.3:a:edimax:br-6675nd:*:*:*:*:*:*:*:*
Vendors & Products: Edimax; Edimax br-6675nd
References:
Metrics:
  cvssV2_0: score 9, vector AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
  cvssV3_0: score 8.8, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
  cvssV3_1: score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
  cvssV4_0: score 8.7, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T13:00:13.177Z

Reserved: 2026-05-23T14:59:13.835Z

Link: CVE-2026-9382

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-24T15:15:05Z

Weaknesses