Unrated severity · NVD Advisory · Published May 24, 2026

Edimax EW-7438RPn webs formWizSurvey buffer overflow

CVE-2026-9345

Description

A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Manipulating the argument ssid/manualssid/ip/mask/gateway results in a buffer overflow. The attack can be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stack buffer overflow in Edimax EW-7438RPn firmware up to 1.31 via the formWizSurvey function allows remote attackers to crash the device or execute arbitrary code.

Vulnerability

The vulnerability resides in the formWizSurvey function within the /goform/formWizSurvey endpoint of the webs binary on Edimax EW-7438RPn extenders running firmware version 1.31 (and possibly earlier versions). The function copies attacker-supplied values for the arguments ssid, manualssid, ip, mask, and gateway into a local stack buffer without any length validation. This unsanitized copy causes a classic stack-based buffer overflow [1]. The affected product is the Edimax EW-7438RPn, and the exploit is publicly available [1].
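The unchecked copy described above, beside the bounded handling that prevents it, as an added illustration that is not Edimax's code (the webs binary is not on this page): the five field names come from the advisory, while the 32-byte SSID and 15-character IPv4 limits, the copy_bounded helper and the parse_wiz_survey parser are assumptions made for the example.

```c
#include <string.h>
/* Added example, not Edimax code. Limits are assumptions: an IEEE 802.11
 * SSID is at most 32 bytes, a dotted-quad IPv4 string at most 15 chars. */
#define SSID_MAX 32
#define IPV4_MAX 15
struct wiz_survey {
    char ssid[SSID_MAX + 1], manualssid[SSID_MAX + 1];
    char ip[IPV4_MAX + 1], mask[IPV4_MAX + 1], gateway[IPV4_MAX + 1];
};
/* The advisory's bug class is strcpy(stack_buf, value) with no length check.
 * The fix: compare the value length to the destination capacity *before*
 * copying, and reject (not silently truncate) anything that does not fit. */
static int copy_bounded(char *dst, size_t cap, const char *src, size_t len)
{
    if (len >= cap) return -1;            /* keep room for the NUL */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}
/* Parse a constructed application/x-www-form-urlencoded body such as
 * "ssid=Home&ip=192.168.2.1&mask=255.255.255.0&gateway=192.168.2.254".
 * Returns 0 on success, -1 if any of the five known fields exceeds its
 * limit or a pair has no '='. Percent-decoding is omitted for brevity. */
int parse_wiz_survey(const char *body, struct wiz_survey *out)
{
    struct { const char *key; char *dst; size_t cap; } fields[] = {
        { "ssid",       out->ssid,       sizeof out->ssid       },
        { "manualssid", out->manualssid, sizeof out->manualssid },
        { "ip",         out->ip,         sizeof out->ip         },
        { "mask",       out->mask,       sizeof out->mask       },
        { "gateway",    out->gateway,    sizeof out->gateway    },
    };
    memset(out, 0, sizeof *out);
    const char *p = body;
    while (*p) {
        const char *end = strchr(p, '&');                 /* end of this pair */
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        const char *eq = memchr(p, '=', plen);
        if (!eq) return -1;                               /* malformed pair */
        size_t klen = (size_t)(eq - p), vlen = plen - klen - 1;
        for (size_t i = 0; i < sizeof fields / sizeof *fields; i++)
            if (klen == strlen(fields[i].key) && memcmp(p, fields[i].key, klen) == 0 &&
                copy_bounded(fields[i].dst, fields[i].cap, eq + 1, vlen) != 0)
                return -1;                                /* oversized value */
        p = end ? end + 1 : p + plen;
    }
    return 0;
}
```

A 32-byte SSID is the longest value accepted; a 33-byte one makes the whole request fail closed instead of reaching the stack buffer.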

Exploitation

An attacker can trigger this vulnerability by sending a crafted HTTP POST request to the /goform/formWizSurvey endpoint. The request must contain one (or more) of the vulnerable parameters (ssid, manualssid, ip, mask, or gateway) with an overly long value, as shown in the public PoC where ssid is filled with a string of 'a' characters [1]. No special network position is required beyond reachability of the web interface; the attack is fully remote. The PoC request includes HTTP authentication credentials (the example uses YWRtaW46MTIzNA==, which decodes to admin:1234), indicating that the attacker must have valid administrator credentials or the device must be configured with default/weak credentials [1].

Impact

Successful exploitation corrupts the stack, overwriting the function's return address. The immediate effect demonstrated in the PoC is a crash of the webs server, leading to a denial of service (DoS). However, because the attacker controls the overflow data, arbitrary code execution on the device is also achievable, granting full control over the extender's functionality [1].

Mitigation

As of the publication date (2026-05-24), Edimax has not responded to the vulnerability disclosure and no patch has been released for the EW-7438RPn. The reference notes that the vendor was contacted but did not respond [1]. Users are advised to disconnect the device from untrusted networks or restrict access to the web interface using firewall rules. If the device is no longer supported, replacement with a patched or newer model should be considered. This CVE is not currently listed in the KEV catalogue.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0. No patches discovered yet.

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 5

News mentions: 0. No linked articles in our index yet.