VYPR

Vendor CVEs

Edimax

All CVEs

122 total · sorted by risk
  • CVE-2026-9378MedMay 24, 2026
    risk 0.41cvss 6.3epss 0.01

    A security flaw has been discovered in Edimax BR-6675nD 1.12. This affects the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument regDomain/ABandregDomain/nic0Addr/nic1Addr/wlanAddr/inicAddr results in command…

  • CVE-2026-9363MedMay 24, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a manipulation of the argument method results in command injection. Remote…

  • CVE-2026-9362MedMay 24, 2026
    risk 0.41cvss 6.3epss 0.01

    A security vulnerability has been detected in Edimax EW-7438RPn 1.12. This vulnerability affects the function formConnectionSetting of the file /goform/formConnectionSetting of the component Setting Handler. Such manipulation of the argument max_Conn/timeOut leads to command…

  • CVE-2026-9361MedMay 24, 2026
    risk 0.41cvss 6.3epss 0.01

    A weakness has been identified in Edimax EW-7438RPn 1.12. This affects the function formAccept of the file /goform/formAccep of the component POST Request Handler. This manipulation of the argument submit-url causes command injection. The attack may be initiated remotely. The…

  • CVE-2026-9359MedMay 24, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanS…

  • CVE-2026-9347MedMay 24, 2026
    risk 0.41cvss 6.3epss 0.02

    A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack…

  • CVE-2026-9343MedMay 23, 2026
    risk 0.41cvss 6.3epss 0.02

    A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argument pinCode causes os command injection. Remote exploitation of the attack is…

  • CVE-2026-9297MedMay 23, 2026
    risk 0.41cvss 6.3epss 0.01

    A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated…

  • CVE-2026-9296MedMay 23, 2026
    risk 0.41cvss 6.3epss 0.01

    A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pT…

  • CVE-2026-8777MedMay 18, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulation of the argument stadrv_ssid results in command injection. The attack can be…

  • CVE-2026-8774MedMay 18, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack may be performed from remote. The…

  • CVE-2026-7683MedMay 3, 2026
    risk 0.41cvss 6.3epss 0.02

    A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely.…

  • CVE-2026-7682MedMay 3, 2026
    risk 0.41cvss 6.3epss 0.01

    A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack…

  • CVE-2018-10569MedAug 13, 2018
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field.

  • CVE-2026-9423MedMay 25, 2026
    risk 0.31cvss 4.7epss 0.02

    A security flaw has been discovered in Edimax BR-6675nD 1.12. Impacted is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The…

  • CVE-2025-14094MedDec 5, 2025
    risk 0.31cvss 4.7epss 0.18

    A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes os command injection. The attack may be initiated remotely. The exploit has been published and may…

  • CVE-2025-14093MedDec 5, 2025
    risk 0.31cvss 4.7epss 0.17

    A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of the argument host results in os command injection. The attack can be launched remotely. The exploit is now public…

  • CVE-2025-14092MedDec 5, 2025
    risk 0.31cvss 4.7epss 0.15

    A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to os command injection. The attack can be initiated remotely. The exploit…

  • CVE-2025-14910MedDec 19, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Edimax confirms this…

  • CVE-2026-1970LowFeb 5, 2026
    risk 0.23cvss 3.5epss 0.00

    A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redirect. The attack can be initiated remotely. The exploit has been published and…

  • CVE-2025-15258LowDec 30, 2025
    risk 0.23cvss 3.5epss 0.00

    A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is…

  • CVE-2025-1316KEVMar 4, 2025
    risk 0.19cvss epss 0.72

    Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

  • CVE-2026-1971LowFeb 6, 2026
    risk 0.16cvss 2.4epss 0.00

    A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been…

  • CVE-2025-28143Apr 15, 2025
    risk 0.03cvss epss 0.08

    Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup.

  • CVE-2025-28142Apr 15, 2025
    risk 0.03cvss epss 0.08

    Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare.

  • CVE-2025-28145Apr 15, 2025
    risk 0.03cvss epss 0.08

    Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat.

  • CVE-2025-28146Apr 4, 2025
    risk 0.03cvss epss 0.09

    Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel

  • CVE-2004-1790Dec 31, 2004
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL.

  • CVE-2026-12810Jun 21, 2026
    risk 0.00cvss epss 0.01

    A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be…

  • CVE-2026-12809Jun 21, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz_5in1_redirect of the file /goform/wiz_5in1_redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection. The attack can be launched…

  • CVE-2026-12808Jun 21, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This manipulation of the argument interface causes command injection. The attack can be initiated remotely. The…

  • CVE-2026-12807Jun 21, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The manipulation of the argument pppUserName/pptpUserName/L2TPUserName results in command injection. It is possible to launch…

  • CVE-2026-12806Jun 21, 2026
    risk 0.00cvss epss 0.00

    A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. It is possible to…

  • CVE-2026-32838Mar 17, 2026
    risk 0.00cvss epss 0.00

    Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration…

  • CVE-2026-32839Mar 17, 2026
    risk 0.00cvss epss 0.00

    Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of…

  • CVE-2026-32840Mar 17, 2026
    risk 0.00cvss epss 0.00

    Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_name_set.cgi script that allows attackers to inject arbitrary script code by manipulating the sysName parameter. Attackers can send a crafted POST request with…

  • CVE-2026-32842Mar 17, 2026
    risk 0.00cvss epss 0.00

    Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract…

  • CVE-2026-1972Feb 6, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default credentials. The attack may be initiated remotely. The exploit has been made…

  • CVE-2020-37150Feb 5, 2026
    risk 0.00cvss epss 0.01

    Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive…

  • CVE-2020-37149Feb 5, 2026
    risk 0.00cvss epss 0.00

    Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device…

  • CVE-2020-37125Feb 5, 2026
    risk 0.00cvss epss 0.06

    Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection…

  • CVE-2020-37097Feb 3, 2026
    risk 0.00cvss epss 0.00

    Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored…

  • CVE-2020-37096Feb 3, 2026
    risk 0.00cvss epss 0.00

    Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent.

  • CVE-2025-70161Jan 9, 2026
    risk 0.00cvss epss 0.24

    EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName…

  • CVE-2025-56706Sep 16, 2025
    risk 0.00cvss epss 0.02

    Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrt_getConfig function.

  • CVE-2025-34029Jun 20, 2025
    risk 0.00cvss epss 0.03

    An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit…

  • CVE-2025-34024Jun 20, 2025
    risk 0.00cvss epss 0.04

    An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using…

  • CVE-2025-45857May 13, 2025
    risk 0.00cvss epss 0.01

    EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function.

  • CVE-2025-28144Apr 15, 2025
    risk 0.00cvss epss 0.04

    Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack overflow vlunerability via peerPin parameter in the formWsc function.

  • CVE-2025-1612Feb 24, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Edimax BR-6288ACL 1.30. It has been declared as problematic. This vulnerability affects unknown code of the file wireless5g_basic.asp. The manipulation of the argument SSID leads to cross site scripting. The attack can be initiated remotely. The…