CVE-2026-9295
published 2026-05-23CVE-2026-9295: A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component…
PriorityP266high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.54%
41.4th percentile
A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| edimax | br-6428ns | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.07.4HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
cvelistv5v4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qc2w-vjr4-c222: A security flaw has been discovered in Edimax BR-6428NS 1
ghsa_unreviewed·2026-05-26
CVE-2026-9295 [HIGH] CWE-119 GHSA-qc2w-vjr4-c222: A security flaw has been discovered in Edimax BR-6428NS 1
A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVEList
Edimax BR-6428NS POST Request formWirelessTbl buffer overflow
cvelistv5·2026-05-23·CVSS 8.7
CVE-2026-9295 [HIGH] CWE-120 Edimax BR-6428NS POST Request formWirelessTbl buffer overflow
Edimax BR-6428NS POST Request formWirelessTbl buffer overflow
A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Timeline: 2026-05-22: Advisory disclosed; 2026-05-22: VulDB entry created; 2026-05-22: VulDB entry last update
VulDB
Edimax BR-6428NS 1.10 POST Request /goform/formWirelessTbl vapurl buffer overflow
vuldb·2026-05-22
CVE-2026-9295 [CRITICAL] Edimax BR-6428NS 1.10 POST Request /goform/formWirelessTbl vapurl buffer overflow
A vulnerability identified as critical has been detected in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow.
This vulnerability is identified as CVE-2026-9295. The attack can be initiated remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-23
Published