Low severity2.4NVD Advisory· Published Feb 6, 2026· Updated Apr 29, 2026

CVE-2026-1971

Description

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer.

Affected products

Edimax/Br 6288acl Firmware
cpe:2.3:o:edimax:br-6288acl_firmware:*:*:*:*:*:*:*:*
Range: <=1.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tzh00203.notion.site/EDIMAX-BR6288ACL-v1-12-XSS-via-wiz_WISP24gmanual-asp-Configuration-2eeb5c52018a802e8ed9f6d000f7a6aanvdExploitThird Party Advisory
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.156
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000