PatchSiren cyber security CVE debrief
CVE-2026-10163 Edimax CVE debrief
A buffer overflow vulnerability exists in the Edimax BR-6478AC router firmware version 1.23. The flaw resides in the formUSBAccount function within the /goform/formUSBAccount endpoint, where improper handling of the UserName and Password parameters in POST requests allows remote attackers to trigger memory corruption. The vulnerability has been publicly disclosed with an available exploit, enabling remote exploitation without requiring user interaction. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no required privileges (PR:L in base, though description suggests remote exploitation possible), and high impact to confidentiality, integrity, and availability of the affected device. The weakness classifications are CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).
- Vendor
- Edimax
- Product
- BR-6478AC
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-31
- Original CVE updated
- 2026-05-31
- Advisory published
- 2026-05-31
- Advisory updated
- 2026-05-31
Who should care
Organizations and individuals using Edimax BR-6478AC routers for network infrastructure, particularly those exposing administrative interfaces to untrusted networks. Security teams responsible for SOHO and small business router deployments should prioritize assessment and mitigation.
Technical summary
The Edimax BR-6478AC running firmware 1.23 contains a buffer overflow in the formUSBAccount function of the /goform/formUSBAccount POST request handler. The UserName and Password parameters are not properly bounds-checked, allowing remote attackers to overflow buffers and potentially execute arbitrary code or crash the device. The vulnerability is remotely exploitable with a publicly available exploit. The CVSS 4.0 base score is 7.4 (HIGH), with network attack vector, low complexity, and high impacts to confidentiality, integrity, and availability.
Defensive priority
HIGH
Recommended defensive actions
- Restrict network access to the router's administrative interface, particularly the /goform/formUSBAccount endpoint, to trusted management networks only
- Monitor for unexpected POST requests to /goform/formUSBAccount containing oversized UserName or Password parameters
- Apply firmware updates from Edimax if and when available for the BR-6478AC model
- Consider replacing the affected device if vendor support has ended and no patch is forthcoming
- Implement network segmentation to isolate affected routers from critical infrastructure
- Review logs for signs of exploitation attempts, including device crashes or unexpected reboots that may indicate buffer overflow triggering
Evidence notes
Vulnerability identified in Edimax BR-6478AC firmware 1.23. Affected endpoint: /goform/formUSBAccount. Vulnerable parameters: UserName and Password. CVSS 4.0 score: 7.4 (HIGH). Weaknesses: CWE-119, CWE-120. Exploit status: publicly disclosed and may be used. Vendor attribution marked as low confidence with needsReview flag due to source domain candidate being Notion rather than official vendor channel.
Official resources
Public disclosure with exploit available