CVE-2026-9297
published 2026-05-23CVE-2026-9297: A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST…
PriorityP354medium6.3CVSS 3.1
AVNACLPRLUINSUCLILAL
EPSS
1.40%
69.0th percentile
A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| edimax | br-6428ns | — | — |
CVSS provenance
nvdv3.16.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvdv4.02.1LOWCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
cvelistv5v4.05.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gxpf-66ch-99jw: A security vulnerability has been detected in Edimax BR-6428NS 1
ghsa_unreviewed·2026-05-26
CVE-2026-9297 [LOW] CWE-74 GHSA-gxpf-66ch-99jw: A security vulnerability has been detected in Edimax BR-6428NS 1
A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVEList
Edimax BR-6428NS POST Request formWlbasic command injection
cvelistv5·2026-05-23·CVSS 5.3
CVE-2026-9297 [MEDIUM] CWE-77 Edimax BR-6428NS POST Request formWlbasic command injection
Edimax BR-6428NS POST Request formWlbasic command injection
A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Timeline: 2026-05-22: Advisory disclosed; 2026-05-22: VulDB entry created; 2026-05-23: VulDB entry last update
VulDB
ReQuest these 1.10 POST Request /goform/formWlbasic repeaterSSID command injection
vuldb·2026-05-22
CVE-2026-9297 [CRITICAL] ReQuest these 1.10 POST Request /goform/formWlbasic repeaterSSID command injection
A vulnerability marked as critical has been reported in ReQuest these 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection.
This vulnerability is listed as CVE-2026-9297. The attack may be initiated remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-23
Published