CVE-2026-9360
published 2026-05-24CVE-2026-9360: A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of…
PriorityP263high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.45%
35.6th percentile
A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The manipulation of the argument key1 results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| edimax | ew-7438rpn | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.07.4HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
cvelistv5v4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-ffgh-x7gp-prmx: A security flaw has been discovered in Edimax EW-7438RPn 1
ghsa_unreviewed·2026-05-26
CVE-2026-9360 [HIGH] CWE-119 GHSA-ffgh-x7gp-prmx: A security flaw has been discovered in Edimax EW-7438RPn 1
A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The manipulation of the argument key1 results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVEList
Edimax EW-7438RPn POST Request formwlencrypt24g buffer overflow
cvelistv5·2026-05-24·CVSS 8.7
CVE-2026-9360 [HIGH] CWE-120 Edimax EW-7438RPn POST Request formwlencrypt24g buffer overflow
Edimax EW-7438RPn POST Request formwlencrypt24g buffer overflow
A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The manipulation of the argument key1 results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Timeline: 2026-05-23: Advisory disclosed; 2026-05-23: VulDB entry created; 2026-05-23: VulDB entry last update
VulDB
Edimax EW-7438RPn 1.28a POST Request /goform/formwlencrypt24g key1 buffer overflow
vuldb·2026-05-23
CVE-2026-9360 [CRITICAL] Edimax EW-7438RPn 1.28a POST Request /goform/formwlencrypt24g key1 buffer overflow
A vulnerability was found in Edimax EW-7438RPn 1.28a. It has been declared as critical. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The manipulation of the argument key1 results in buffer overflow.
This vulnerability is reported as CVE-2026-9360. The attack can be launched remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-24
Published