CVE 8.7 HIGH

Edimax BR-6478AC POST Request formL2TPSetup buffer overflow_CVE-2026-9443

May 25, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. The manipulation of the argument L2TPUserName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

Buffer overflow vulnerability in the formL2TPSetup function of Edimax BR-6478AC 1.23, allowing remote attackers to exploit the L2TPUserName argument.

Basic Information

ID CVE-2026-9443

Source VulDB

Published May 25, 2026 at 08:45

Affected Product

Vendor Edimax

Product BR-6478AC

Version 1.23

Affected Versions Edimax BR-6478AC 1.23

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Edimax

Product BR-6478AC

Version 1.23

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. The manipulation of the argument L2TPUserName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-05-25T08:45:07.806Z",
    "modified": "2026-05-25T08:45:07.806Z",
    "type": "cve",
    "title": "Edimax BR-6478AC POST Request formL2TPSetup buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/365424\nhttps://vuldb.com/vuln/365424/cti\nhttps://vuldb.com/submit/818452\nhttps://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-formL2TPSetup-34b53a41781f809e9c30c1260cc5d92e?source=copy_link",
    "id": "CVE-2026-9443",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Edimax BR-6478AC 1.23",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BR-6478AC",
    "version": "1.23",
    "vendor": "Edimax",
    "ai_description": "Buffer overflow vulnerability in the formL2TPSetup function of Edimax BR-6478AC 1.23, allowing remote attackers to exploit the L2TPUserName argument.",
    "ai_severity": "High",
    "ai_vendor": "Edimax",
    "ai_product": "BR-6478AC",
    "ai_version": "1.23",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply