PatchSiren

CVE-2026-10125 Edimax CVE debrief

A stack-based buffer overflow vulnerability exists in the Edimax BR-6478AC router firmware version 1.23. The vulnerability is located in the formPPPoESetup function within the /goform/formPPPoESetup endpoint, which handles POST requests. The pppUserName parameter is not properly validated, allowing an attacker to send an oversized value that overflows the stack buffer. The attack vector is network-based, requires low attack complexity, and needs prior authentication (low privileges). The vulnerability has a HIGH CVSS severity score of 7.4. The exploit has been publicly disclosed and may be actively used. The CVE was published on 2026-05-30 and last modified on 2026-06-01. The NVD status is currently Deferred. The vendor attribution is marked as low confidence and requires review, with the vendor candidate derived from a Notion-hosted reference document.

Vendor: Edimax
Product: BR-6478AC
CVSS: HIGH 7.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-30
Original CVE updated: 2026-06-01
Advisory published: 2026-05-30
Advisory updated: 2026-06-01

Who should care

Network administrators managing Edimax BR-6478AC routers, SOHO network operators, managed security service providers, and organizations relying on Edimax networking equipment for internet connectivity should prioritize assessment and mitigation.

Technical summary

The Edimax BR-6478AC firmware 1.23 contains a stack-based buffer overflow in the formPPPoESetup function of the /goform/formPPPoESetup POST request handler. The pppUserName parameter lacks sufficient bounds checking, enabling remote authenticated attackers to overflow the stack buffer. Successful exploitation could result in arbitrary code execution with elevated privileges on the router. The vulnerability is remotely exploitable with low attack complexity, though authentication is required. A public exploit is available, increasing the risk of active exploitation.

Defensive priority

HIGH

Recommended defensive actions

  • Restrict network access to the router's administrative interface to trusted management networks only
  • Implement network segmentation to isolate affected routers from untrusted networks
  • Monitor for unusual POST requests to /goform/formPPPoESetup with abnormally large pppUserName values
  • Apply firmware updates from Edimax when available; confirm that any update genuinely originates from Edimax, because the vendor attribution for this CVE is low confidence
  • Consider replacing affected devices if patches are not forthcoming, given public exploit availability
  • Review and strengthen input validation on all router administrative endpoints
  • Enable logging and alerting for authentication attempts and configuration changes on affected devices
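
The monitoring action above can be run as a check over raw requests captured at a proxy or sensor in front of the router. This is an added example, not PatchSiren or vendor code; the 64-byte threshold, the otherField parameter and the /goform/formOther path are assumptions for illustration, and the sample requests are constructed.

```python
from urllib.parse import parse_qsl, urlsplit

TARGET_PATH = "/goform/formPPPoESetup"  # endpoint named in the advisory
TARGET_PARAM = "pppUserName"            # parameter named in the advisory
MAX_USERNAME_BYTES = 64                 # assumed threshold; tune to real ISP usernames


def check_request(raw: bytes):
    """Return an alert dict for a suspicious raw HTTP request, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) < 2 or parts[0].upper() != "POST":
        return None
    if urlsplit(parts[1]).path.rstrip("/") != TARGET_PATH:
        return None
    # Measure the decoded value: percent-encoding inflates the wire length,
    # and latin-1 maps every byte to one character so no byte is lost.
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                       encoding="latin-1")
    sizes = [len(v.encode("latin-1")) for k, v in fields if k == TARGET_PARAM]
    worst = max(sizes, default=0)
    if worst <= MAX_USERNAME_BYTES:
        return None
    return {"path": TARGET_PATH, "param": TARGET_PARAM,
            "decoded_bytes": worst, "occurrences": len(sizes)}


def build_request(path: str, body: str) -> bytes:
    """Build a constructed sample request (192.0.2.1 is a documentation address)."""
    return (f"POST {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


# Constructed samples; otherField and /goform/formOther are hypothetical names.
SAMPLES = {
    "normal": build_request(TARGET_PATH, "pppUserName=user%40isp.example&otherField=1"),
    "oversized": build_request(TARGET_PATH, "pppUserName=" + "A" * 600),
    "encoded": build_request(TARGET_PATH, "pppUserName=" + "%41" * 50),
    "other_endpoint": build_request("/goform/formOther", "pppUserName=" + "A" * 600),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_request(raw))
```

The "encoded" sample is 150 bytes on the wire but 50 after decoding, so it stays under the threshold; measuring the undecoded body would raise a false alert on it.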

Evidence notes

The vulnerability description is sourced from NVD with CNA attribution to VulDB. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), and high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H). The exploit availability is marked as 'P' (proof of concept or public exploit present). Weaknesses are classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow). The vendor field shows 'Unknown Vendor' with low confidence due to reliance on reference domain candidate 'Notion' rather than direct vendor confirmation.
