Edimax EW-7438RPn webs mp stack-based overflow
Description
A vulnerability was found in Edimax EW-7438RPn up to 1.31. It affects an unknown functionality of the file /goform/mp of the component webs. Manipulation of the argument webs results in a stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in Edimax EW-7438RPn firmware up to 1.31 allows remote attackers to execute arbitrary code via a long 'webs' parameter to /goform/mp.
Vulnerability
The vulnerability is a stack-based buffer overflow in the webs binary of Edimax EW-7438RPn devices running firmware version 1.31. The mp function within the file /goform/mp copies user-supplied input from the webs parameter into a stack buffer without performing bounds checking, leading to a buffer overflow [1].
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending a crafted POST request to /goform/mp with an excessively long webs argument. The provided PoC demonstrates that sending a long string causes the device to crash, and due to the overflow, an attacker can overwrite the return address to gain control of code execution [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code on the device, likely with root privileges. This can lead to full compromise of the router's functionality, including data exfiltration, network attacks, or usage as a botnet node [1].
Mitigation
As of the disclosure date, the vendor has not provided a fix or official response. Users of the Edimax EW-7438RPn should restrict network access to the management interface and consider replacing the device if remote access is required. No patch is available for version 1.31 or earlier [1].
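A defensive check for the request shape described under Exploitation, as an added example that is not part of the original advisory or any vendor code: it flags HTTP requests to /goform/mp whose webs argument is oversized, for use on captured traffic or at a filtering proxy in front of the management interface. The 256-character threshold, the function names and the sample requests are assumptions constructed for illustration; the page does not state the buffer size.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: no legitimate value of this field approaches this size.
# The advisory gives no buffer size, so tune this for your environment.
MAX_WEBS_LEN = 256
TARGET_PATH = "/goform/mp"   # path named in the advisory
TARGET_PARAM = "webs"        # argument named in the advisory

def inspect_request(raw: bytes, max_len: int = MAX_WEBS_LEN):
    """Return a finding dict for an oversized `webs` argument sent to
    /goform/mp, or None if the request does not match."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return None  # not a parseable HTTP request line
    url = urlsplit(target)
    # Decode percent-encoding so an encoded path is still recognised
    if unquote(url.path).rstrip("/").lower() != TARGET_PATH:
        return None
    # Look in both the query string and a form-encoded body
    values = parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, [])
    if method.upper() == "POST":
        form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        values += form.get(TARGET_PARAM, [])
    # parse_qs has already decoded the values, so this is the decoded length
    longest = max((len(v) for v in values), default=0)
    if longest > max_len:
        return {"method": method, "path": url.path, "length": longest}
    return None

def scan(requests):
    """Return the findings for every request that trips the check."""
    return [f for f in map(inspect_request, requests) if f is not None]

# Constructed sample requests (not captured traffic)
HDR = b" HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"
SAMPLES = [
    b"POST /goform/mp" + HDR + b"webs=" + b"A" * 1024,   # oversized, raw
    b"POST /goform/mp" + HDR + b"webs=" + b"%41" * 300,  # oversized, encoded
    b"POST /goform/mp" + HDR + b"webs=ok",               # normal size
    b"GET /index.asp" + HDR,                             # unrelated path
]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print("ALERT", finding)
```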
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.31
Patches
No patches discovered yet.
References
- github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_6/6.md (mitre: exploit)
- vuldb.com/submit/813890 (mitre: third-party-advisory)
- vuldb.com/vuln/365311 (mitre: vdb-entry, technical-description)
- vuldb.com/vuln/365311/cti (mitre: signature, permissions-required)