Edimax EW-7438RPn Content-Type formWlanMP os command injection
Description
A weakness has been identified in Edimax EW-7438RPn 1.31. The affected element is the function formWlanMP of the file /goform/formWlanMP in the Content-Type Handler component. Manipulating any of the arguments ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P can lead to OS command injection. The attack may be launched remotely. An exploit has been made public and could be used in attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A command injection vulnerability in Edimax EW-7438RPn firmware 1.31 allows remote attackers to execute arbitrary OS commands via crafted POST requests to /goform/formWlanMP.
Vulnerability
The vulnerability resides in the formWlanMP function of the /goform/formWlanMP endpoint in Edimax EW-7438RPn firmware version 1.31. The function directly passes user-supplied values from arguments such as ateFunc, ateGain, ateTxCount, ateChan, ateRate, ateMacID, e2pTxPower1 through e2pTxPower7, e2pTx2Power1 through e2pTx2Power7, ateTxFreqOffset, ateMode, ateBW, ateAntenna, e2pTxFreqOffset, e2pTxPwDeltaB, e2pTxPwDeltaG, e2pTxPwDeltaMix, e2pTxPwDeltaN, and readE2P into an OS command without sanitization, enabling command injection [1].
Exploitation
An attacker can exploit this vulnerability remotely without authentication by sending a crafted HTTP POST request to /goform/formWlanMP. The request includes malicious payloads in any of the listed arguments; for example, setting ateFunc to telnetd -l /bin/sh -p 1234 starts a telnet daemon on the device [1]. No user interaction or special privileges are required beyond network access to the device.
Impact
Successful exploitation allows an attacker to execute arbitrary OS commands on the device with root privileges. This can lead to full compromise of the extender, including data exfiltration, further network attacks, and persistent backdoor access.
Mitigation
As of the publication date, the vendor (Edimax) has not responded to the disclosure and no patch or firmware update has been released [1]. Users should isolate the device from untrusted networks, disable remote management if possible, or consider replacing the device if it remains unpatched.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
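The Vulnerability and Mitigation sections above describe the root cause (the listed form fields flow into an OS command unchecked) and note that no vendor fix exists. The following is an added example, not code from the advisory, the vendor, or the referenced write-up: a small Python detection and validation helper a defender could run over decoded POST bodies captured by a proxy or IDS in front of the extender. It assumes captured requests are available as (method, path, urlencoded-body) tuples; the sample requests and the allowlist pattern are constructed for this demonstration, and the parameter names are taken from the description above.

```python
"""Detection and allowlist helper for /goform/formWlanMP requests.

Added example (not code from the advisory, the vendor, or the referenced
write-up). Assumption: a proxy/IDS has captured decoded POST bodies as
application/x-www-form-urlencoded strings. Sample requests below are constructed.
"""
import re
from urllib.parse import parse_qs

# Parameter names listed in the advisory description as reaching an OS command.
TAINTED_PARAMS = {
    "ateFunc", "ateGain", "ateTxCount", "ateChan", "ateRate", "ateMacID",
    *(f"e2pTxPower{i}" for i in range(1, 8)),
    *(f"e2pTx2Power{i}" for i in range(1, 8)),
    "ateTxFreqOffset", "ateMode", "ateBW", "ateAntenna", "e2pTxFreqOffset",
    "e2pTxPwDeltaB", "e2pTxPwDeltaG", "e2pTxPwDeltaMix", "e2pTxPwDeltaN",
    "readE2P",
}

TARGET_PATH = "/goform/formWlanMP"

# Shell metacharacters that never belong in a numeric or MAC-style radio setting.
SHELL_META = re.compile(r"[;|&`$\n\r<>(){}]")

# Constructed allowlist for legitimate values: digits, hex, signs, dots, colons.
# (Assumption: real ATE/EEPROM settings are short tokens of this shape.)
ALLOWED_VALUE = re.compile(r"^[A-Za-z0-9:.\-+]{0,32}$")


def suspicious_values(path: str, body: str) -> dict[str, str]:
    """Return {param: value} for listed params whose value looks like injection.

    Requests to other paths are ignored so the rule stays narrowly scoped.
    """
    if path != TARGET_PATH:
        return {}
    fields = parse_qs(body, keep_blank_values=True)
    hits: dict[str, str] = {}
    for name, values in fields.items():
        if name not in TAINTED_PARAMS:
            continue
        for value in values:
            if SHELL_META.search(value) or not ALLOWED_VALUE.match(value):
                hits[name] = value
    return hits


def validate_params(body: str) -> bool:
    """Allowlist check a hardened handler would apply before building any command.

    Unknown fields and any value outside the allowlist are rejected outright,
    which is the opposite of the unsanitized pass-through described above.
    """
    fields = parse_qs(body, keep_blank_values=True)
    for name, values in fields.items():
        if name not in TAINTED_PARAMS:
            return False
        if any(not ALLOWED_VALUE.match(v) for v in values):
            return False
    return True


def scan_requests(requests):
    """Return [(index, path, hits)] for every captured request that triggers the rule."""
    findings = []
    for idx, (method, path, body) in enumerate(requests):
        if method != "POST":
            continue
        hits = suspicious_values(path, body)
        if hits:
            findings.append((idx, path, hits))
    return findings


# Constructed sample traffic: one benign request, one with a shell separator in a
# listed field, one with the same value on an unrelated path (out of scope).
SAMPLE_REQUESTS = [
    ("POST", "/goform/formWlanMP", "ateFunc=1&ateChan=6&ateMacID=00:11:22:33:44:55"),
    ("POST", "/goform/formWlanMP", "ateFunc=1;echo probe&ateChan=6"),
    ("POST", "/goform/other", "ateFunc=1;echo probe"),
]

if __name__ == "__main__":
    for idx, path, hits in scan_requests(SAMPLE_REQUESTS):
        print(f"request #{idx} to {path}: suspicious fields {hits}")
```

Only the second sample request is reported, because the rule is keyed to the vulnerable path and the advisory's parameter names rather than to metacharacters anywhere in the traffic; that keeps false positives low on a management interface that legitimately carries colons and dashes in MAC addresses. The same allowlist in validate_params is what a firmware fix would need to enforce before any value reaches a shell.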
Affected products
- Range: =1.31
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_7/7.md (mitre: exploit)
- vuldb.com/submit/813891 (mitre: third-party-advisory)
- vuldb.com/vuln/365405 (mitre: vdb-entry, technical-description)
- vuldb.com/vuln/365405/cti (mitre: signature, permissions-required)
News mentions
No linked articles in our index yet.