CVE-2026-10166
published 2026-05-31CVE-2026-10166: A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST…
PriorityP351medium6.3CVSS 3.1
AVNACLPRLUINSUCLILAL
EPSS
1.07%
60.7th percentile
A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| edimax | br-6478ac | — | — |
CVSS provenance
nvdv3.16.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvdv4.02.1LOWCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
A vulnerability was determined in Edimax BR-6478AC 1.23.
ghsa_unreviewed·2026-05-31
CVE-2026-10166 [LOW] CWE-74 A vulnerability was determined in Edimax BR-6478AC 1.23.
A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
VulDB
Edimax BR-6478AC 1.23 POST Request /goform/formWlbasic rootAPmac command injection
vuldb·2026-05-30
CVE-2026-10166 [CRITICAL] Edimax BR-6478AC 1.23 POST Request /goform/formWlbasic rootAPmac command injection
A vulnerability, which was classified as critical, has been found in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection.
This vulnerability is tracked as CVE-2026-10166. The attack is possible to be carried out remotely. Moreover, an exploit is present.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-31
Published