Filtered by vendor Edimax
Subscriptions
Total
48 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14094 | 1 Edimax | 1 Br-6478ac V3 | 2025-12-05 | 4.7 Medium |
| A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes os command injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14093 | 1 Edimax | 1 Br-6478ac V3 | 2025-12-05 | 4.7 Medium |
| A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of the argument host results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14092 | 1 Edimax | 1 Br-6478ac V3 | 2025-12-05 | 4.7 Medium |
| A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-34029 | 1 Edimax | 3 Ew-7438rpn Mini, Ew-7438rpn Mini Firmware, Ew-7438rpn Mini V2 | 2025-11-20 | 8.8 High |
| An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC. | ||||
| CVE-2025-34024 | 1 Edimax | 3 Ew-7438rpn Mini, Ew-7438rpn Mini Firmware, Ew-7438rpn Mini V2 | 2025-11-20 | 8.8 High |
| An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC. | ||||
| CVE-2025-1316 | 1 Edimax | 2 Ic-7100, Ic-7100 Firmware | 2025-10-30 | 9.8 Critical |
| Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device | ||||
| CVE-2025-56706 | 1 Edimax | 2 Br-6473ax, Br-6473ax Firmware | 2025-09-19 | 8 High |
| Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrt_getConfig function. | ||||
| CVE-2025-45857 | 1 Edimax | 2 Cv-7428ns, Cv-7428ns Firmware | 2025-07-11 | 9.8 Critical |
| EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function. | ||||
| CVE-2023-49351 | 1 Edimax | 2 Br-6478ac, Br-6478ac Firmware | 2025-06-02 | 9.8 Critical |
| A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware veraion v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of the strcpy() function. | ||||
| CVE-2024-48419 | 1 Edimax | 2 Br-6476ac, Br-6476ac Firmware | 2025-05-28 | 8.8 High |
| Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands, with "root" privileges. | ||||
| CVE-2024-48416 | 1 Edimax | 2 Br-6476ac, Br-6476ac Firmware | 2025-05-28 | 8.8 High |
| Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding. | ||||
| CVE-2024-48417 | 1 Edimax | 2 Br-6476ac, Br-6476ac Firmware | 2025-05-28 | 5.2 Medium |
| Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter. | ||||
| CVE-2024-48418 | 1 Edimax | 2 Br-6476ac, Br-6476ac Firmware | 2025-05-28 | 8.8 High |
| In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands. | ||||
| CVE-2024-48420 | 1 Edimax | 2 Br-6476ac, Br-6476ac Firmware | 2025-05-28 | 8.8 High |
| Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic. | ||||
| CVE-2025-28146 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-28 | 9.8 Critical |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel | ||||
| CVE-2025-1612 | 1 Edimax | 2 Br-6288acl, Br-6288acl Firmware | 2025-05-21 | 3.5 Low |
| A vulnerability was found in Edimax BR-6288ACL 1.30. It has been declared as problematic. This vulnerability affects unknown code of the file wireless5g_basic.asp. The manipulation of the argument SSID leads to cross site scripting. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-28144 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-02 | 6.5 Medium |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack overflow vlunerability via peerPin parameter in the formWsc function. | ||||
| CVE-2025-28145 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-01 | 6.5 Medium |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat. | ||||
| CVE-2025-28143 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-01 | 6.5 Medium |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup. | ||||
| CVE-2025-28142 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-01 | 6.5 Medium |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare. | ||||