Description
A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument max_Conn/timeOut results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-25
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack‑based buffer overflow exists in the formConnectionSetting function of the Edimax EW‑7438RPn firmware 1.31. The vulnerability is triggered by crafted values for the max_Conn and timeOut parameters. When exploited, this flaw can allow an attacker to execute arbitrary code on the device with the privileges of the running process, potentially compromising confidentiality, integrity, and availability of the network and connected systems.

Affected Systems

Edimax EW‑7438RPn 1.31 wireless router. No other products or firmware versions are listed as affected in the CNA data.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity and the publicly released exploit confirms that attackers can target this flaw remotely via the HTTP interface. The EPSS score is not available, but the presence of a public exploit suggests a realistic attack threat. Because the vulnerability is not listed in the CISA KEV catalog, it may be less visible to defenders, yet the remote nature and high severity warrant immediate attention.

Generated by OpenCVE AI on May 25, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify that the router firmware is 1.31 and is running unpatched; no official patch is currently published by Edimax.
  • Apply any firmware update released by the vendor that addresses the buffer overflow or upgrade to a newer model if no update exists.
  • Configure the router’s firewall or network perimeter devices to block external access to the /goform/formConnectionSetting endpoint until the device is patched or replaced.

Generated by OpenCVE AI on May 25, 2026 at 14:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 25 May 2026 13:30:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument max_Conn/timeOut results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title Edimax EW-7438RPn formConnectionSetting stack-based overflow
First Time appeared Edimax
Edimax ew-7438rpn
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:a:edimax:ew-7438rpn:*:*:*:*:*:*:*:*
Vendors & Products Edimax
Edimax ew-7438rpn
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Edimax Ew-7438rpn
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-25T12:45:08.381Z

Reserved: 2026-05-24T08:03:03.965Z

Link: CVE-2026-9459

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-25T16:00:13Z

Weaknesses