VYPR

EW-7438RPn

by Edimax

CVEs (28)

  • CVE-2026-9361MedMay 24, 2026
    risk 0.41cvss 6.3epss 0.01

    A weakness has been identified in Edimax EW-7438RPn 1.12. This affects the function formAccept of the file /goform/formAccep of the component POST Request Handler. This manipulation of the argument submit-url causes command injection. The attack may be initiated remotely. The…

  • CVE-2026-9359MedMay 24, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanS…

  • CVE-2026-9347MedMay 24, 2026
    risk 0.41cvss 6.3epss 0.02

    A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack…

  • CVE-2026-9343MedMay 23, 2026
    risk 0.41cvss 6.3epss 0.02

    A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argument pinCode causes os command injection. Remote exploitation of the attack is…

  • CVE-2020-37097Feb 3, 2026
    risk 0.00cvss epss 0.00

    Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored…

  • CVE-2020-37096Feb 3, 2026
    risk 0.00cvss epss 0.00

    Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent.

  • CVE-2025-34029Jun 20, 2025
    risk 0.00cvss epss 0.03

    An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit…

  • CVE-2025-34024Jun 20, 2025
    risk 0.00cvss epss 0.04

    An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using…

Page 2 of 2