Medium severity6.3NVD Advisory· Published May 31, 2026· Updated Jun 1, 2026
CVE-2026-10166
CVE-2026-10166
Description
A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Affected products
1Patches
Vulnerability mechanics
References
4News mentions
1- Edimax BR-6478AC: Seven Remote-Code-Execution Flaws Disclosed in 12-Hour BatchVypr Intelligence · May 31, 2026