Edimax EW-7438RPn formWlanMP stack-based overflow
Description
A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The impacted element is the function formWlanMP of the file /goform/formWlanMP. The manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack-based buffer overflow in Edimax EW-7438RPn 1.31 allows remote unauthenticated attackers to execute arbitrary code via a crafted POST to /goform/formWlanMP.
Vulnerability
A stack-based buffer overflow vulnerability exists in the formWlanMP function of the /goform/formWlanMP endpoint in the Edimax EW-7438RPn extender firmware version 1.31. The function copies user-supplied input parameters (including ateFunc, ateGain, ateTxCount, ateChan, ateRate, ateMacID, and others) into a fixed-size stack buffer without length checking, as documented in [1]. The affected binary is webs [1]. The vulnerability is reachable by sending a crafted POST request to the /goform/formWlanMP URL.
Exploitation
An unauthenticated remote attacker can trigger the overflow by sending a POST request to the /goform/formWlanMP endpoint with one or more of the listed parameters containing an overly long string [1]. The public proof-of-concept (PoC) sets the ateFunc parameter to a long string of 'a' characters [1]. The attacker does not require any prior authentication or special network position beyond reachability of the device's web interface.
Impact
Successful exploitation overwrites the stack return address and allows arbitrary code execution at the privilege level of the webs process [1]. The attacker can potentially gain full control of the device, including modifying configuration, exfiltrating data, or using the device as a pivot point in the network. The impact is complete compromise of the affected device.
Mitigation
As of the publication date, no patch or fix has been released by Edimax; the vendor did not respond to disclosure attempts [1]. Users should consider isolating the device from untrusted networks and disabling remote management if possible. There are no known workarounds. The vendor may issue a firmware update in the future, but none is currently available. The vulnerability is publicly known and has been disclosed [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: =1.31
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_8/8.mdmitreexploit
- vuldb.com/submit/813892mitrethird-party-advisory
- vuldb.com/vuln/365406mitrevdb-entrytechnical-description
- vuldb.com/vuln/365406/ctimitresignaturepermissions-required
News mentions
0No linked articles in our index yet.