CVE-2026-9402 - Vulnerability Details

Description

A vulnerability was found in Edimax BR-6675nD 1.12. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component POST Request Handler. The manipulation of the argument ateFunc/ateGain/ateRate/ateChan/ateTxCount/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/ateTxFreqOffset/ateMode/ateMacID/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/readE2P/e2pTxPwDeltaN results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-05-24

Score: 5.3 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A vulnerability exists in the POST Request Handler of Edimax BR-6675nD firmware 1.12 where multiple parameters sent to the formWlanMP endpoint can be manipulated to execute arbitrary commands on the device. This command injection flaw is capable of compromising confidentiality, integrity, and availability, and can potentially allow an attacker to take full control of the device. The fact that the exploit is publicly available and can be launched remotely indicates a tangible risk to any exposed units.

Affected Systems

The affected product is the Edimax BR-6675nD router running firmware version 1.12. No other versions or vendors are listed as impacted at this time.

Risk and Exploitability

The CVSS score of 5.3 places this vulnerability in the moderate severity range, and the EPSS score is unavailable, which does not indicate a high likelihood of widespread exploitation yet. The vulnerability is not listed in the CISA KEV catalog. Attackers can leverage the vulnerable formWlanMP POST endpoint over the network to launch the command injection, but no additional requirements beyond network reachability are specified in the description. The overall risk remains moderate pending a vendor patch.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Edimax

BR-6675nD

affected

Version	Status	Constraints
`1.12`	affected	—

No data.

Vendor Product Confidence Versions

Edimax

Br-6675nd

95%

Version	Status	Scheme	Platform
`1.12`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Block external access to the /goform/formWlanMP endpoint with firewall rules or ACLs.
Disable or remove unused POST or management interfaces if the device supports it to reduce the attack surface.
Patch the formWlanMP handler to enforce strict input validation and parameter whitelisting, addressing the command injection flaw (CWE‑77) and preventing insecure object references (CWE‑74).
Apply the latest firmware update from Edimax once the vendor releases a fix.

Generated by OpenCVE AI on May 25, 2026 at 00:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lavender-bicycle-a5a.notion.site/EDIMAX-BR-6675nD-formWlanMP-34b53a41781f8041aa2ecb4fa1927f59?source=copy_link
https://vuldb.com/submit/811565
https://vuldb.com/vuln/365383
https://vuldb.com/vuln/365383/cti

History

Sun, 24 May 2026 23:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in Edimax BR-6675nD 1.12. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component POST Request Handler. The manipulation of the argument ateFunc/ateGain/ateRate/ateChan/ateTxCount/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/ateTxFreqOffset/ateMode/ateMacID/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/readE2P/e2pTxPwDeltaN results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Edimax BR-6675nD POST Request formWlanMP command injection
First Time appeared		Edimax Edimax br-6675nd
Weaknesses		CWE-74 CWE-77
CPEs		cpe:2.3:a:edimax:br-6675nd::::::::
Vendors & Products		Edimax Edimax br-6675nd
References		https://lavender-bicycle-a5a.notion.site/EDIMAX-BR-6675nD-formWlanMP-34b53a41781f8041aa2ecb4fa1927f59?source=copy_link https://vuldb.com/submit/811565 https://vuldb.com/vuln/365383 https://vuldb.com/vuln/365383/cti
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Edimax Br-6675nd

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-24T22:30:12.790Z

Updated: 2026-05-24T22:30:12.790Z

Reserved: 2026-05-24T06:24:18.108Z

Link: CVE-2026-9402

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T01:30:12Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object