CVE-2026-9363
published 2026-05-24CVE-2026-9363: A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the…
PriorityP351medium6.3CVSS 3.1
AVNACLPRLUINSUCLILAL
EPSS
1.16%
63.1th percentile
A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a manipulation of the argument method results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| edimax | ew-7438rpn | — | — |
CVSS provenance
nvdv3.16.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvdv4.02.1LOWCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
cvelistv5v4.05.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-96rp-83gj-hh58: A vulnerability was detected in Edimax EW-7438RPn 1
ghsa_unreviewed·2026-05-26
CVE-2026-9363 [LOW] CWE-74 GHSA-96rp-83gj-hh58: A vulnerability was detected in Edimax EW-7438RPn 1
A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a manipulation of the argument method results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVEList
Edimax EW-7438RPn POST Request formEZCHNwlanSetu formEZCHNwlanSetup command injection
cvelistv5·2026-05-24·CVSS 5.3
CVE-2026-9363 [MEDIUM] CWE-77 Edimax EW-7438RPn POST Request formEZCHNwlanSetu formEZCHNwlanSetup command injection
Edimax EW-7438RPn POST Request formEZCHNwlanSetu formEZCHNwlanSetup command injection
A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a manipulation of the argument method results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Timeline: 2026-05-23: Advisory disclosed; 2026-05-23: VulDB entry created; 2026-05-23: VulDB entry last update
VulDB
Edimax EW-7438RPn 1.12 POST Request formEZCHNwlanSetu formEZCHNwlanSetup method command injection
vuldb·2026-05-23
CVE-2026-9363 [CRITICAL] Edimax EW-7438RPn 1.12 POST Request formEZCHNwlanSetu formEZCHNwlanSetup method command injection
A vulnerability identified as critical has been detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a manipulation of the argument method results in command injection.
This vulnerability is known as CVE-2026-9363. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-24
Published