Description
A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-25
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exposes a stack‑based buffer overflow in the formAccept function of the router’s web interface. By carefully crafting the submit-url argument, an attacker can overflow the stack and potentially execute arbitrary code, effectively bypassing the router’s security controls. This flaw aligns with CWE‑119 and CWE‑121, indicating that unvalidated input leads to an uncontrolled buffer overrun.

Affected Systems

The flaw has been identified in the Edimax EW‑7438RPn router running firmware version 1.31. No other versions or editions were disclosed in the current data.

Risk and Exploitability

The CVSS score of 8.7 denotes a high‑severity vulnerability that can be triggered remotely without authentication. EPSS is not available, yet the existence of a publicly released exploit indicates a non‑negligible exploitation probability. It is not currently listed in the CISA KEV catalog. The likely attack vector is an unauthenticated remote attack via the device’s web interface, specifically the /goform/formAccept endpoint. Successful exploitation could grant full control over the device, allowing an adversary to compromise network traffic, inject malware, or pivot to other systems on the LAN.

Generated by OpenCVE AI on May 25, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from Edimax that contains a fix for the formAccept buffer overflow, if such an update exists.
  • If no patch is available, block or restrict external access to the /goform/formAccept endpoint by configuring firewall rules or network segmentation to limit access to trusted hosts.
  • Implement logging and intrusion detection to monitor for anomalous requests to the formAccept endpoint and investigate any suspicious activity promptly.

Advisories

No advisories yet.

History

Mon, 25 May 2026 13:30:00 +0000

Type | Values Removed | Values Added
Description | | A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Edimax EW-7438RPn formAccept stack-based overflow
First Time appeared | | Edimax; Edimax ew-7438rpn
Weaknesses | | CWE-119; CWE-121
CPEs | | cpe:2.3:a:edimax:ew-7438rpn:*:*:*:*:*:*:*:*
Vendors & Products | | Edimax; Edimax ew-7438rpn
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}; cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-25T13:00:12.208Z

Reserved: 2026-05-24T08:03:06.893Z

Link: CVE-2026-9460

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T16:30:15Z

Weaknesses