Edimax

All CVEs

122 total · sorted by risk
  • CVE-2024-48416 · Jan 27, 2025
    risk 0.00 · cvss · epss 0.00

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding.

  • CVE-2024-48417 · Jan 27, 2025
    risk 0.00 · cvss · epss 0.00

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross-Site Scripting (XSS) in /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter.

  • CVE-2024-48419 · Jan 27, 2025
    risk 0.00 · cvss · epss 0.02

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd. Each of these issues allows an…

  • CVE-2024-48418 · Jan 27, 2025
    risk 0.00 · cvss · epss 0.00

    In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of the user-provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands.

  • CVE-2024-48420 · Jan 27, 2025
    risk 0.00 · cvss · epss 0.00

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic.

  • CVE-2024-7616 · Aug 8, 2024
    risk 0.00 · cvss · epss 0.05

    A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted…

  • CVE-2023-49351 · Jan 16, 2024
    risk 0.00 · cvss · epss 0.01

    A stack-based buffer overflow vulnerability in the /bin/webs binary in Edimax BR6478AC V2 firmware version v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of the strcpy() function.

  • CVE-2023-33722 · May 31, 2023
    risk 0.00 · cvss · epss 0.02

    EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the pppUserName parameter.

  • CVE-2023-31986 · May 15, 2023
    risk 0.00 · cvss · epss 0.08

    A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations.

  • CVE-2023-31983 · May 12, 2023
    risk 0.00 · cvss · epss 0.25

    A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the mp function in /bin/webs without any limitations.

  • CVE-2023-31985 · May 12, 2023
    risk 0.00 · cvss · epss 0.08

    A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations.

  • CVE-2021-40597 · Jun 29, 2022
    risk 0.00 · cvss · epss 0.02

    The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password.

  • CVE-2021-30165 · Apr 27, 2021
    risk 0.00 · cvss · epss 0.01

    The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices.

  • CVE-2020-26762 · Dec 1, 2020
    risk 0.00 · cvss · epss 0.02

    A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in binary ipcam_cgi due to a missing type…

  • CVE-2019-13269 · Aug 27, 2019
    risk 0.00 · cvss · epss 0.01

    Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with…

  • CVE-2019-13270 · Aug 27, 2019
    risk 0.00 · cvss · epss 0.01

    Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it…

  • CVE-2019-13271 · Aug 27, 2019
    risk 0.00 · cvss · epss 0.01

    Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as…

  • CVE-2016-10863 · Aug 8, 2019
    risk 0.00 · cvss · epss 0.01

    Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.

  • CVE-2011-4502 · Nov 22, 2011
    risk 0.00 · cvss · epss 0.06

    The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15…

  • CVE-2011-4501 · Nov 22, 2011
    risk 0.00 · cvss · epss 0.04

    The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15…

  • CVE-2006-2561 · May 24, 2006
    risk 0.00 · cvss · epss 0.02

    Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter (possibly within NewInternalClient), which is not validated, as demonstrated by using AddPortMapping to…

  • CVE-2004-1791 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access.

Page 3 of 3