Description
A vulnerability was determined in Edimax BR-6675nD 1.12. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-24
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in the formWlSiteSurvey handler of the Edimax BR-6675nD 1.12 firmware, where manipulating the selSSID argument causes a stack-based buffer overflow. The vulnerability is exploitable via a crafted POST request and could allow an attacker to execute arbitrary code on the device, compromising confidentiality, integrity, and availability of the router’s management functions.

Affected Systems

The affected product is the Edimax BR-6675nD wireless router. No specific firmware revisions beyond 1.12 are listed as insecure, and the CVE only references the 1.12 version. External references indicate that the device may expose the vulnerable endpoint to the wider network.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. The EPSS score is not available, but the vulnerability is publicly disclosed and may be used remotely. The vendor has not responded to the disclosure, and the weakness is not yet listed in CISA KEV; even so, the potential for remote code execution means that diligent assessment and timely remediation are required.

Generated by OpenCVE AI on May 25, 2026 at 00:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a version that contains the fix for the formWlSiteSurvey buffer overflow (addresses CWE-119 and CWE-120).
  • If a firmware upgrade is unavailable, block or limit access to the /goform/formWlSiteSurvey endpoint by configuring the device firewall or an external ACL to allow only trusted IP ranges.
  • Segregate the router’s management interface behind a separate network segment and restrict remote access so that only network administrators can reach the vulnerable endpoint.
  • Continuously monitor the device for anomalous POST traffic and for signs of exploitation attempts.
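
One way to implement the monitoring step above, as an added example (not OpenCVE or vendor code): a check that flags POST requests to /goform/formWlSiteSurvey whose selSSID value is longer than expected. The 32-byte limit assumes a legitimate value fits an 802.11 SSID; the helper names, the sample requests and the second path are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/formWlSiteSurvey"  # endpoint named in the advisory
PARAM = "selSSID"                      # argument named in the advisory
MAX_LEN = 32  # assumption: a legitimate value fits an 802.11 SSID (32 octets)


def inspect_request(raw: bytes):
    """Return a finding dict for an oversized selSSID, or None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2 or parts[0].upper() != "POST":
        return None
    target = urlsplit(parts[1])
    if target.path != ENDPOINT:
        return None
    # latin-1 maps every byte to one character, so len() is the decoded byte
    # count even when the value arrives percent-encoded.
    longest = 0
    for source in (target.query, body.decode("latin-1")):
        fields = parse_qs(source, keep_blank_values=True, encoding="latin-1")
        for value in fields.get(PARAM, []):
            longest = max(longest, len(value))
    if longest > MAX_LEN:
        return {"endpoint": ENDPOINT, "param": PARAM, "length": longest}
    return None


def build_request(path: str, body: str) -> bytes:
    """Construct a sample request for the demo (not captured traffic)."""
    return (
        f"POST {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n\r\n{body}"
    ).encode("latin-1")


# Constructed samples: benign, oversized, oversized percent-encoded, and a
# hypothetical unrelated path that must not be flagged.
SAMPLES = {
    "benign": build_request(ENDPOINT, "selSSID=HomeNet"),
    "oversized": build_request(ENDPOINT, "selSSID=" + "x" * 200),
    "encoded": build_request(ENDPOINT, "selSSID=" + "%78" * 40),
    "other": build_request("/some/other/path", "selSSID=" + "x" * 200),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw))
```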

Advisories

No advisories yet.

History

Sun, 24 May 2026 23:00:00 +0000

Values Removed: (none listed)

Values Added:

  • Description: A vulnerability was determined in Edimax BR-6675nD 1.12. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
  • Title: Edimax BR-6675nD POST Request formWlSiteSurvey buffer overflow
  • First Time appeared: Edimax; Edimax br-6675nd
  • Weaknesses: CWE-119, CWE-120
  • CPEs: cpe:2.3:a:edimax:br-6675nd:*:*:*:*:*:*:*:*
  • Vendors & Products: Edimax; Edimax br-6675nd
  • References:
  • Metrics:
      cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T22:45:11.548Z

Reserved: 2026-05-24T06:24:21.068Z

Link: CVE-2026-9403

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T01:45:13Z

Weaknesses