Description
A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-25
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the formiNICSiteSurvey function within the POST Request Handler of Edimax BR-6478AC firmware 1.23. Maliciously manipulating the selSSID parameter causes a buffer overflow, allowing an attacker to overwrite memory and potentially execute arbitrary code. The flaw can be triggered remotely via a crafted HTTP POST request, so an adversary without local access can exploit it, resulting in full compromise of the device.

Affected Systems

Affected systems are Edimax BR-6478AC routers running firmware version 1.23. No other versions are listed in the CNA data. The device is a consumer‑grade Wi‑Fi access point, and the vulnerability is tied to a single web interface endpoint.

Risk and Exploitability

The CVSS score of 8.7 signals a high-severity risk, and although an EPSS score is not available, the exploit has already been published online. The vulnerability is not listed in CISA KEV, but the lack of vendor response and publicly available exploit code amplify the potential impact. Attackers could use this flaw through any network that can reach the router’s web interface, and the absence of hardening steps makes the device especially vulnerable.

Generated by OpenCVE AI on May 25, 2026 at 10:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Contact Edimax and request an official firmware patch or update as soon as available.
  • Implement a firewall rule or access control list to block or limit POST requests to /goform/formiNICSiteSurvey from untrusted networks.
  • Enable logging of HTTP requests and monitor for unusual traffic patterns targeting the vulnerable endpoint.



Advisories

No advisories yet.

History

Mon, 25 May 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Edimax br-6478ac
Vendors & Products | | Edimax br-6478ac

Mon, 25 May 2026 09:45:00 +0000

Type | Values Removed | Values Added
Description | | A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Edimax BR-6478AC POST Request formiNICSiteSurvey buffer overflow
First Time appeared | | Edimax; Edimax br-6478ac Firmware
Weaknesses | | CWE-119; CWE-120
CPEs | | cpe:2.3:o:edimax:br-6478ac_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Edimax; Edimax br-6478ac Firmware
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-25T08:30:10.571Z

Reserved: 2026-05-24T07:25:58.734Z

Link: CVE-2026-9442

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T10:30:22Z

Weaknesses