Edimax Br-6478Ac vulnerabilities
11 known vulnerabilities affecting edimax/br-6478ac.
Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH7MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2026-10165P2HIGHCVSS 8.8v1.232026-05-31
CVE-2026-10165 [HIGH] CWE-119 CVE-2026-10165: A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWa
A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and m
nvd
CVE-2026-10125P2HIGHCVSS 8.8v1.232026-05-30
CVE-2026-10125 [HIGH] CWE-119 CVE-2026-10125: A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the funct
A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and m
nvd
CVE-2026-9443P2HIGHCVSS 8.8v1.232026-05-25
CVE-2026-9443 [HIGH] CWE-119 CVE-2026-9443: A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the
A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. The manipulation of the argument L2TPUserName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be
cvelistv5nvd
CVE-2026-10126P2HIGHCVSS 8.8v1.232026-05-30
CVE-2026-10126 [HIGH] CWE-119 CVE-2026-10126: A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function
A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks
nvd
CVE-2026-10163P2HIGHCVSS 8.8v1.232026-05-31
CVE-2026-10163 [HIGH] CWE-119 CVE-2026-10163: A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAcco
A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of the argument UserName/Password leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and ma
nvd
CVE-2026-9442P2HIGHCVSS 8.8v1.232026-05-25
CVE-2026-9442 [HIGH] CWE-119 CVE-2026-9442: A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurve
A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could
cvelistv5nvd
CVE-2026-10164P2HIGHCVSS 8.8v1.232026-05-31
CVE-2026-10164 [HIGH] CWE-119 CVE-2026-10164: A vulnerability was found in Edimax BR-6478AC 1.23. Impacted is the function formUSBFolder of the fi
A vulnerability was found in Edimax BR-6478AC 1.23. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. The manipulation of the argument ShareName/SelectName results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
nvd
CVE-2026-9441P3MEDIUMCVSS 6.3v1.232026-05-25
CVE-2026-9441 [MEDIUM] CWE-74 CVE-2026-9441: A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function
A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing a manipulation of the argument rootAPmac results in command injection. The attack can be initiated remotely. The exploit has been released to the public an
cvelistv5nvd
CVE-2026-10127P3MEDIUMCVSS 6.3v1.232026-05-30
CVE-2026-10127 [MEDIUM] CWE-74 CVE-2026-10127: A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup o
A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used fo
nvd
CVE-2026-9440P3MEDIUMCVSS 6.3v1.232026-05-25
CVE-2026-9440 [MEDIUM] CWE-74 CVE-2026-9440: A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the funct
A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be use
cvelistv5nvd
CVE-2026-10166P3MEDIUMCVSS 6.3v1.232026-05-31
CVE-2026-10166 [MEDIUM] CWE-74 CVE-2026-10166: A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWl
A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be uti
nvd