CVE 8.7 HIGH

Edimax EW-7438RPn formHwSet stack-based overflow_CVE-2026-9426

May 25, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Edimax EW-7438RPn 1.31. This affects the function formHwSet of the file /goform/formHwSet. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanSSID/wlanChan/initgain/txcck/txofdm/submit-url results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

Stack-based buffer overflow in Edimax EW-7438RPn 1.31 via formHwSet function, allowing remote exploitation

Basic Information

ID CVE-2026-9426

Source VulDB

Published May 25, 2026 at 04:30

Affected Product

Vendor Edimax

Product EW-7438RPn

Version 1.31

Affected Versions Edimax EW-7438RPn 1.31

CWE Classification

CWE-121 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Edimax

Product EW-7438RPn

Version 1.31

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Edimax EW-7438RPn 1.31. This affects the function formHwSet of the file /goform/formHwSet. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanSSID/wlanChan/initgain/txcck/txofdm/submit-url results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-05-25T04:30:09.505Z",
    "modified": "2026-05-25T04:30:09.505Z",
    "type": "cve",
    "title": "Edimax EW-7438RPn formHwSet stack-based overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/365407\nhttps://vuldb.com/vuln/365407/cti\nhttps://vuldb.com/submit/813894\nhttps://github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_10/10.md",
    "id": "CVE-2026-9426",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Edimax EW-7438RPn 1.31",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EW-7438RPn",
    "version": "1.31",
    "vendor": "Edimax",
    "ai_description": "Stack-based buffer overflow in Edimax EW-7438RPn 1.31 via formHwSet function, allowing remote exploitation",
    "ai_severity": "High",
    "ai_vendor": "Edimax",
    "ai_product": "EW-7438RPn",
    "ai_version": "1.31",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply