Description
A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-25
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in the formRadius function of the Edimax EW-7438RPn firmware 1.31. Malicious manipulation of the submit-url argument over the network triggers a stack-based buffer overflow. The overflow could allow an attacker to overwrite control data on the stack, resulting in arbitrary code execution on the device if an exploit payload is injected. The vulnerability is a classic out-of-bounds write, as indicated by CWE-119 and CWE-121, and poses a high-severity risk to confidentiality, integrity, and availability of the affected device.

Affected Systems

The only product noted by the CNA is the Edimax EW-7438RPn WLAN router. The affected firmware version is 1.31. No other versions or product lines are currently listed as impacted by this vulnerability. Network-connected devices running this firmware are thus at risk if their web interface, which serves the formRadius endpoint, is reachable.

Risk and Exploitability

The CVSS score of 8.7 classifies this issue as high severity. The EPSS score is not provided, but the vulnerability has been publicly disclosed and the vendor has not released a fix. The flaw is remotely exploitable through the formRadius endpoint, so any device with the web interface exposed to the network could be targeted; the CVSS vectors list low privileges as required (PR:L). The vulnerability is not listed in the CISA KEV catalog, indicating no confirmed large-scale exploitation has been observed, but the lack of vendor response raises concern that attackers might still find or develop a PoC.

Generated by OpenCVE AI on May 25, 2026 at 15:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check with Edimax for an official firmware update that addresses the formRadius buffer overflow
  • If no patch is available, isolate the device behind a firewall or VPN and restrict access to the web interface to trusted IP addresses only
  • Block or disable the /goform/formRadius URL via firewall rules or host-based access control to prevent exploitation of the vulnerable endpoint



Advisories

No advisories yet.

History

Mon, 25 May 2026 13:30:00 +0000

Type: Values Added (no Values Removed are listed)
Description: A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title: Edimax EW-7438RPn formRadius stack-based overflow
First Time appeared: Edimax; Edimax ew-7438rpn
Weaknesses: CWE-119; CWE-121
CPEs: cpe:2.3:a:edimax:ew-7438rpn:*:*:*:*:*:*:*:*
Vendors & Products: Edimax; Edimax ew-7438rpn
References:
Metrics:
cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-25T13:15:08.877Z

Reserved: 2026-05-24T08:03:09.409Z

Link: CVE-2026-9461

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T15:15:28Z

Weaknesses