CVE-2026-9400
published 2026-05-24CVE-2026-9400: A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request…
PriorityP351medium6.3CVSS 3.1
AVNACLPRLUINSUCLILAL
EPSS
1.16%
63.1th percentile
A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument sub_dir can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| edimax | br-6675nd | — | — |
CVSS provenance
nvdv3.16.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvdv4.02.1LOWCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
cvelistv5v4.05.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-53r7-38m4-hpmp: A flaw has been found in Edimax BR-6675nD 1
ghsa_unreviewed·2026-05-26
CVE-2026-9400 [LOW] CWE-74 GHSA-53r7-38m4-hpmp: A flaw has been found in Edimax BR-6675nD 1
A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument sub_dir can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
VulDB
Edimax BR-6675nD 1.12 POST Request /goform/formUSBStorage sub_dir command injection
vuldb·2026-05-24
CVE-2026-9400 [CRITICAL] Edimax BR-6675nD 1.12 POST Request /goform/formUSBStorage sub_dir command injection
A vulnerability categorized as critical has been discovered in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument sub_dir can lead to command injection.
This vulnerability is registered as CVE-2026-9400. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
CVEList
Edimax BR-6675nD POST Request formUSBStorage command injection
cvelistv5·2026-05-24·CVSS 5.3
CVE-2026-9400 [MEDIUM] CWE-77 Edimax BR-6675nD POST Request formUSBStorage command injection
Edimax BR-6675nD POST Request formUSBStorage command injection
A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument sub_dir can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Timeline: 2026-05-24: Advisory disclosed; 2026-05-24: VulDB entry created; 2026-05-24: VulDB entry last update
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-24
Published