Description
A flaw has been found in Edimax EW-7438RPn 1.31. It affects the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component webs. Manipulation of the argument selSSID/submit-url causes a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-25
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in the formWlSiteSurvey function of the web interface on the Edimax EW‑7438RPn router. A malformed selSSID or submit‑url argument causes a stack‑based overflow, allowing a remote attacker to corrupt the stack. An attacker who can reach the web interface can gain arbitrary code execution on the device, potentially compromising the network. The vulnerability is a classic stack buffer overflow (CWE‑119/CWE‑121).

Affected Systems

The affected product is the Edimax EW‑7438RPn wireless router, specifically firmware version 1.31. No other vendors or versions are listed, so only this model and firmware are known to be vulnerable.

Risk and Exploitability

The CVSS score of 8.7 is rated High. The exploit has already been published and can be executed over the network without special credentials, as the web interface is reachable remotely; note that the CVSS vectors recorded under History list low privileges as required (PR:L, and Au:S in CVSS v2). No EPSS data is available, and the vulnerability is not in CISA KEV. Because the attack vector is remote and does not require user interaction (UI:N), the risk for any exposed device is significant. Prompt mitigation is required.

Generated by OpenCVE AI on May 25, 2026 at 06:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a version that removes the stack buffer overflow or apply the vendor‑provided patch.
  • If no firmware update is available, disable the vulnerable web interface by blocking the web management ports or restricting access to trusted IP ranges with a firewall rule.
  • Replace the device with a secure alternative, or reimage it, and limit management access to the internal network while monitoring for suspicious activity.

Advisories

No advisories yet.

History

Mon, 25 May 2026 05:15:00 +0000

Changes (no values removed; all values below were added):
Description: A flaw has been found in Edimax EW-7438RPn 1.31. It affects the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component webs. Manipulation of the argument selSSID/submit-url causes a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title: Edimax EW-7438RPn webs formWlSiteSurvey stack-based overflow
First Time appeared: Edimax; Edimax ew-7438rpn
Weaknesses: CWE-119, CWE-121
CPEs: cpe:2.3:a:edimax:ew-7438rpn:*:*:*:*:*:*:*:*
Vendors & Products: Edimax; Edimax ew-7438rpn
References:
Metrics:
  cvssV2_0: score 9, vector AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
  cvssV3_0: score 8.8, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
  cvssV3_1: score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
  cvssV4_0: score 8.7, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-25T04:45:09.802Z

Reserved: 2026-05-24T06:59:21.224Z

Link: CVE-2026-9427

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T06:30:18Z
