Description
A vulnerability has been found in Edimax BR-6675nD 1.12. Impacted is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-24
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic buffer overflow in the Edimax BR‑6675nD firmware, triggered by the pppUserName parameter passed to the formWanTcpipSetup function in the POST request handler. The overflow can be leveraged to corrupt memory and execute arbitrary code, compromising confidentiality, integrity, or availability of the device. It directly maps to CWE‑119 and CWE‑120 weaknesses. The impact is that an attacker can gain full control over the router, potentially exfiltrating data, hijacking traffic, or using the device to pivot to other parts of the network.

Affected Systems

Vulnerable devices are Edimax BR‑6675nD routers running firmware version 1.12. No other versions or models were explicitly listed, so the risk is confined to that release. The product is exposed via the /goform/formWanTcpipSetup POST interface.

Risk and Exploitability

The CVSS score of 8.7 marks this as a high‑severity flaw. No EPSS score is available, but the attack vector is remote, and the exploit is publicly disclosed, indicating a high likelihood of real‑world exploitation. The vulnerability is not yet listed in CISA’s KEV catalog, but that status may evolve. Given that the vendor did not respond to the disclosure, no official fix exists at present, making remediation the top priority. The risk escalates if the device remains exposed to the Internet or to untrusted users.

Generated by OpenCVE AI on May 24, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Block or restrict external HTTP POST requests to /goform/formWanTcpipSetup, permitting only trusted internal hosts
  • Place the router behind a firewall or VPN and limit external exposure to only necessary management ports
  • Apply any future firmware updates from Edimax that address this buffer overflow as soon as they become available
  • If possible, relocate the device to a segmented LAN or disable unused interfaces to reduce the attack surface


Advisories

No advisories yet.

History

Sun, 24 May 2026 22:30:00 +0000

Type | Values Removed | Values Added
Description |  | A vulnerability has been found in Edimax BR-6675nD 1.12. Impacted is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title |  | Edimax BR-6675nD POST Request formWanTcpipSetup buffer overflow
First Time appeared |  | Edimax; Edimax br-6675nd
Weaknesses |  | CWE-119; CWE-120
CPEs |  | cpe:2.3:a:edimax:br-6675nd:*:*:*:*:*:*:*:*
Vendors & Products |  | Edimax; Edimax br-6675nd
References |  |
Metrics cvssV2_0 |  | {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
Metrics cvssV3_0 |  | {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
Metrics cvssV3_1 |  | {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
Metrics cvssV4_0 |  | {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T22:15:11.289Z

Reserved: 2026-05-24T06:24:15.457Z

Link: CVE-2026-9401

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T00:00:11Z

Weaknesses