Description
A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manipulation of the argument submit-url leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-25
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow exists in the formLogout function of Edimax EW‑7438RPn firmware 1.31, triggered by manipulation of the submit‑url argument. The flaw allows an attacker to supply a lengthy input that overwrites adjacent stack data, potentially leading to arbitrary code execution. The vulnerability is exploitable remotely, as the affected endpoint is reachable via the router's web interface and the exploit has been publicly disclosed.

Affected Systems

The vulnerability affects Edimax EW‑7438RPn routers that run firmware version 1.31. No other versions are listed in the available data; the description specifically identifies firmware 1.31 as impacted by the stack‑based overflow in formLogout.

Risk and Exploitability

With a CVSS score of 8.7, the flaw is classified as high severity. No EPSS score is available, which means there is no current data on exploitation probability, not that the risk is low. The vulnerability is not listed in the CISA KEV catalog, yet the public disclosure and lack of vendor response suggest that the flaw could be actively exploited. Attackers can reach the vulnerable endpoint from any network that can access the router’s web interface, which is often exposed to the internet or the corporate LAN.

Generated by OpenCVE AI on May 25, 2026 at 19:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router to the latest firmware released by Edimax that contains a fix for the formLogout overflow.
  • If a firmware update is unavailable, restrict external access to the WAN side of the router’s web interface by blocking or filtering HTTP/HTTPS traffic or by placing the device behind a firewall rule that permits only trusted IPs.
  • As a temporary containment measure, consider disabling or blocking the /goform/formLogout endpoint or the web administration interface entirely on the router if network policies allow.

Advisories

No advisories yet.

History

Mon, 25 May 2026 18:00:00 +0000

Values Added (no values were removed):

Description: A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manipulation of the argument submit-url leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title: Edimax EW-7438RPn formLogout stack-based overflow
First Time appeared: Edimax; Edimax ew-7438rpn
Weaknesses: CWE-119, CWE-121
CPEs: cpe:2.3:a:edimax:ew-7438rpn:*:*:*:*:*:*:*:*
Vendors & Products: Edimax; Edimax ew-7438rpn
References
Metrics:
  • cvssV2_0: score 9, vector AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
  • cvssV3_0: score 8.8, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
  • cvssV3_1: score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
  • cvssV4_0: score 8.7, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-25T17:45:08.087Z

Reserved: 2026-05-24T09:18:31.957Z

Link: CVE-2026-9479

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T20:00:11Z

Weaknesses