Unrated severityNVD Advisory· Published Jun 21, 2026

Edimax BR-6478AC V2 POST Request setWAN command injection

CVE-2026-12807

Description

A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The manipulation of the argument pppUserName/pptpUserName/L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Edimax/BR-6478ACllm-fuzzy
Range: =1.23

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-setWAN-34b53a41781f80b98c4be24d8cae61b1mitreexploit
vuldb.com/cve/CVE-2026-12807mitrethird-party-advisory
vuldb.com/submit/836669mitrethird-party-advisory
vuldb.com/vuln/372601mitrevdb-entrytechnical-description
vuldb.com/vuln/372601/ctimitresignaturepermissions-required

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000